Wednesday, August 13, 2014

CRITICAL New Adobe and Apple Updates:
Adobe Flash, Adobe AIR and Apple Safari

--

Both Apple and Adobe have provided critical updates this week:

I. ADOBE UPDATES

Adobe Flash v14.0.0.176
Adobe AIR v14.0.0.178

Adobe released 'second Tuesday of the month' updates for Adobe Reader, Adobe Flash and Adobe AIR. Both Flash and AIR include CRITICAL security updates for OS X users.

Adobe's security bulletin for Flash and AIR can be found HERE.

These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545). These updates resolve a security bypass vulnerability (CVE-2014-0541). These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0538).
Keep in mind that every security update of Flash means there is also a security update of AIR.


II. APPLE UPDATES

Apple Safari v6.1.6
Apple Safari v7.0.6

Both updates are available using "Software Update" in the Apple menu of OS X. Quoting from Apple's security content documentation for the updates: 
WebKit

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

IOW: The usual bad memory management security holes, the curse of contemporary coding. I'm hoping that Apple's new Swift programming language will end this trend.

The CVEs patched are: 

CVE-2014-1384
CVE-2014-1385
CVE-2014-1386
CVE-2014-1387
CVE-2014-1388
CVE-2014-1389
CVE-2014-1390




* You can check out CVEs (Common Vulnerabilities and Exposures) using the "CVE Search" link on the right of this page.
