Bios Password

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, December 12, 2009

Brief Adobe Update News

Posted on 9:50 PM by Unknown

Clean Briefs

In case you missed it (or your commonly installed Windows Adobe products did at least), this past week or so a few security issues got patched in updates to Adobe’s Flash and Air products.

  • Several holes closed in Adobe Flash Player - The H Security: News and Features
  • Adobe flash player and air patched – ISC SANS Handler’s Diary post.  From that post by Swa Frantzen:

Read more about it in the apsb09-19 bulletin from adobe.

The reason behind it are 7 vulnerabilities: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 and, CVE-2009-3951 of which 6 lead to arbitrary code execution and the last one is a windows-only issue leading to unauthorized information disclosure, related to CVE-2008-4820.

Additional information in post updates suggests that Adobe will be abandoning Adobe Flash 9 pretty much as it marches forward with version 10.

While Adobe Reader will (depending on configuration) offer a reminder you have an update to apply, Flash and Air do no such thing in my Windows sysadmin experiences.  You just have to pay attention and know to update.

For those wishing linkage for some strange reason, find the latest version direct from Adobe here:

  • Get Adobe Flash Player at Adobe.com

  • Get Adobe Air at Adobe.com

  • Get Adobe Shockwave Player at Adobe.com

  • Get Adobe Reader at Adobe.com

For an alternative (and trusted alternative) I prefer to get my off-line update packages for Adobe from FileHippo.com.

  • Download Flash Player 10.0.42.34 (Non-IE) - FileHippo.com.

  • Download Flash Player 10.0.42.34 (IE) - FileHippo.com.

  • Download Adobe Air 1.5.3.9120 - FileHippo.com.

  • Download Shockwave Player 11.5.2.602 - FileHippo.com.

  • Download Adobe Reader 9.2 - FileHippo.com.

  • FileHippo's Adobe catalog of downloads – One-stop shopping

Next-Gen Adobe Flash/Air Beta’s out

You may or may not also be aware of the fact that Adobe has publically available “Beta” versions of Air and Flash out.  I’ve been using these on all my systems with no ill effects.  Performance seems just fine, if not a bit better than the stable “current” release levels of the products.

  • Adobe Flash 10.1 and AIR 2.0 Betas Released: Life Is Better Now - Gizmodo.

  • Adobe Air 2 goes beta, adds tons of new features, sucks a whole lot less - DownloadSquad

For the curious you can get them directly from the Adobe Labs Homepage

  • Adobe Labs - Adobe Flash Player 10.1.

  • Adobe Labs - Adobe AIR 2.

Or from FileHippo.com as well.

  • Download Flash Player 10.1.51.45 Beta (IE) - FileHippo.com.

  • Download Flash Player 10.1.51.45 Beta (Non-IE) - FileHippo.com.

  • Download Adobe Air 2.0.0.10760 Beta - FileHippo.com.

Redaction Fail

Did I do that?

Yes, you did.

In unrelated, related news to Adobe appears someone(s) from deep within the bowels of the TSA is(are) now emptying their bowels due to an unfortunate Adobe Acrobat document redaction FAIL.

  • TSA can’t redact documents properly, releases s00per s33kr1t operations manual - Boing Boing

  • Screening Management SOP – The Wandering Aramean blog.

  • TSA Publishes Standard Operating Procedures – Schneier on Security. Contains notice and links to two event updates: TSA puts 5 on leave after security manual hits Internet - CNN.com and Did The TSA Compromise An Intelligence Program? - The Atlantic Politics Channel

Which apparently all could possibly have been avoided had the l33t TSA cyberteam used an updated version of Adobe Acrobat Professional…

  • The PDF redaction problem: TSA may have been using old software - Betanews.image

…or maybe just bothered to read one of the following other sister-agencies “redaction for dummies” guides…

More Redaction Resources and How-To’s 

  • Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF (PDF) - National Security Agency

  • Redaction of Information – USCourts.gov

  • Redaction of Confidential Information in a Document (PDF) – NASA.gov

  •  Without a trace -- Government Computer News

    Speaking of hiding/finding Data in PDFs…

    I wonder what our resident forensics expert on Adobe PDF documents makes of the situation…

    Goodness knows he’s the expert in all things hidden and exposed in PDF files!

    This wonderful cruise-ship jaunt by the TSA might be causing a new wave of web-accessible PDF searches and examinations of redacted PDF documents for fun and entertainment.

    And yet, I wonder if we aren’t all coming out wiser citizens in some way…

    So with that in mind I say, “Thanks, TSA.”  I really do believe you’ve taught us some valuable security lessons in the name of public policy and operational transparency redaction methodology.

    --Claus V.

    Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
    Posted in PDF's, security, tutorials | No comments
    Newer Post Older Post Home

    0 comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)

    Popular Posts

    • Finally! Time to Post! New material list
      After a recent text from my bro reminding me it has been since March since I’ve done a blog post, I was finally able to clear the schedule a...
    • Oscar watch Linkpost
      Alvis and Lavie are watching the Oscars tonight and I’m along for the ride. I wasn’t able to come even close to getting out some of the pos...
    • New Year’s Day - First Post 2011
      Same day I came out with my first post after a long drought, I fell upon this article Blogging Seems To Have Peaked, Says Pew Report over a...
    • Utility Gumbo
      There’s a lot in this pot.  Probably something everyone can find to enjoy. I’m serving it up tonight out of the back of the truck on the s...
    • iodd : Multi-boot madness!
      Like many computer technicians and responders, I seem to always have at hand a collection of bootable media; CD’s, DVD’s, USB-HDD’s, flash m...
    • Ubuntu 13.10 Upgrade - Lessons Learned & VIDMA utility found
      A few weeks ago a new release of Ubuntu came out. Naturally that meant it was update time! I have been getting pretty good at this now so ...
    • Interesting Malware in Email Attempt - URL Scanner Links
      Last weekend I spent some time with extended family helping confirm for them that their on-line email account got hacked and had been used t...
    • Windows 8 Linkage: A Bit Behind the Ball
      CC attribution: behind the eight ball by Ed Schipul on flickr . OK. Confession time. I’m more than a bit exhausted this weekend. Besides a...
    • Lego MiniFig Extravaganza
      picture clipped from Wired’s clip from Gizmodo clip… Thanks in no small part to the Windows 7 RC release, XPM mode research, and a big “l...
    • This Week in Security and Forensics: Beware the cake!
      Cube Party! image used with permission from John Walker at "rockpapershotgun.com" Yeah, the cake is a Portal thing.  Let’s d...

    Categories

    • Active Directory
    • anti-virus software
    • Apple
    • architecture
    • art
    • AVG
    • Blogger
    • blogging
    • books
    • boot-cd's
    • browsers
    • cars
    • cell-phones
    • cheat sheets
    • Chrome/Chromium
    • command-line interface
    • cooking
    • crafts
    • crazy
    • curmudgeon
    • DHC
    • Dr. Who
    • E-P1
    • Education
    • family
    • Firefox
    • firewalls
    • For the Gentleman
    • forensics
    • Gmail
    • Google
    • graphics
    • hacks
    • hardware
    • humor
    • hurricanes
    • imagex
    • Internet Explorer
    • iOS
    • iPhone
    • iPod
    • iTunes
    • Kindle
    • Learning
    • Link Fest
    • Linux
    • malware tools
    • Microsoft
    • movies
    • music
    • networking
    • NewsFox
    • NFAT
    • Nook
    • Opera
    • organization
    • PDF's
    • photography
    • politics
    • PowerShell
    • recipes
    • Remote Support
    • RSS
    • science
    • Scripting
    • search engines
    • security
    • Shuttle SFF
    • software
    • Texana
    • Thunderbird
    • troubleshooting
    • TrueCrypt
    • tutorials
    • utilities
    • VBscript
    • video
    • Virtual PC
    • virtualization
    • viruses
    • Vista
    • Vista mods
    • wallpapers
    • Win FE
    • Win PE
    • Win RE
    • Windows 7
    • Windows 8
    • Windows Home Server
    • Windows Live Writer
    • Windows Phone
    • writing
    • XP
    • XP mods
    • Xplico

    Blog Archive

    • ►  2013 (83)
      • ►  November (8)
      • ►  October (8)
      • ►  September (14)
      • ►  August (6)
      • ►  July (10)
      • ►  June (10)
      • ►  April (11)
      • ►  March (6)
      • ►  February (7)
      • ►  January (3)
    • ►  2012 (96)
      • ►  December (8)
      • ►  November (4)
      • ►  October (9)
      • ►  September (8)
      • ►  August (12)
      • ►  July (4)
      • ►  June (3)
      • ►  May (7)
      • ►  April (13)
      • ►  March (3)
      • ►  February (5)
      • ►  January (20)
    • ►  2011 (41)
      • ►  December (8)
      • ►  November (7)
      • ►  September (4)
      • ►  August (4)
      • ►  July (2)
      • ►  June (6)
      • ►  March (5)
      • ►  February (1)
      • ►  January (4)
    • ►  2010 (69)
      • ►  December (1)
      • ►  October (3)
      • ►  September (2)
      • ►  August (13)
      • ►  July (17)
      • ►  June (3)
      • ►  May (3)
      • ►  April (3)
      • ►  March (11)
      • ►  February (1)
      • ►  January (12)
    • ▼  2009 (177)
      • ▼  December (20)
        • Browser Wars
        • iTunes Damage Control
        • Tiny CLI Revisit
        • T-Bird 3.0 versus Outlook 2010 (beta)
        • Run Windows Remote Desktop Connection on Win7 “Hom...
        • I’m no dummy (but I know how to make one…)
        • Tiny Stuff
        • For the Geeky Crew _ Mostly Virtualized
        • DECAF and COFEE, and a brush
        • Mostly Windows Virtualization stuff
        • Sync & Backup Tools (freeware)
        • Get your Big Whata-Microsoft Linkdump Here!
        • Minor manual tweaking of freeCommander
        • Hmmm. So that '403-thing' WAS a real problem...
        • Free Windows GREP tools – I’m Excited!
        • Brief Adobe Update News
        • In Texas? Really!
        • Get Yer Own Free DNS Service!
        • Valca Mobile Phone Upgrade
        • More to come…but for now…drive recovery first
      • ►  November (11)
      • ►  October (7)
      • ►  September (7)
      • ►  August (21)
      • ►  July (17)
      • ►  June (7)
      • ►  May (18)
      • ►  April (9)
      • ►  March (17)
      • ►  February (23)
      • ►  January (20)
    • ►  2008 (35)
      • ►  December (23)
      • ►  November (12)
    Powered by Blogger.

    About Me

    Unknown
    View my complete profile