Tag Archives: adobe

Adobe, Apple, Microsoft & Mozilla Issue Critical Patches

November 9, 2011

Adobe, Apple, Microsoft and Mozilla all released updates on Tuesday to fix critical security flaws in their products. Adobe issued a patch that corrects four vulnerabilities in Shockwave Player, while Redmond pushed out updates to address four Windows flaws. Apple slipped out an update for its version of Java that mends at least 17 security holes, and Mozilla issued yet another major Firefox release, Firefox 8.

Something Old is New Again: Mac RATs, CrimePacks, Sunspots & ZeuS Leaks

May 16, 2011

One of the biggest challenges in information security — and with security reporting in general — is separating what’s new and worth worrying about from seemingly new threats and developments that really are just old threats repackaged or stubborn facts that get rediscovered by a broader audience. This post represents my attempt to apply that sorting process to several security news headlines that readers have been forwarding my way in the past week, and to add a bit more information from my own reporting.

Time to Patch Your Flash

April 15, 2011

If it seems like you just updated your Flash Player software to plug a security hole that attackers were using to break into computers, you’re not probably not imagining things: Three weeks ago, Adobe rushed out a new version to sew up a critical new security flaw. Today, Adobe issued a critical Flash update to eliminate another dangerous security hole that criminals are actively exploiting.

This new update addresses a vulnerability first detailed here at KrebsOnSecurity.com on Tuesday, and Adobe deserves credit for responding quickly with a patch. But there are few things that are simple about updating Flash, which ships in a dizzying array of version numbers and for many users must be deployed at least twice to cover all browsers. In addition, users may have to uninstall the existing version before updating to guarantee a trouble-free install. Also, Adobe Air will need to be updated if that software also is already installed. Finally, fixing this same vulnerability in Adobe Reader and Acrobat will require installing another patch, which won’t be out for at least another 10 days.