Daily Archives: May 10, 2016

Adobe, Flash, Patches and updates, Security

Flash update incoming

1 Comment

Maybe the Flash developers didn’t make the deadline for Patch Tuesday, so they felt left out. Anyway, according to a security advisory published today, Adobe is working on an emergency update for Flash, to address one specific vulnerability, CVE-2016-4117.

That vulnerability is so new, it doesn’t appear in the vulnerability databases. Adobe refers to it as critical, and indeed, exploits have already been observed in the wild (which makes this a good example of a zero-day vulnerability). Adobe expects to publish a new version of Flash that addresses this vulnerability as early as May 12.

Interestingly, the advisory states that the vulnerability exists in Adobe Flash Player 21.0.0.226 and earlier, while the most recent published versions are 21.0.0.213 and 21.0.0.216. Now I’m thinking that Adobe delayed the Flash update scheduled for Patch Tuesday (which presumably would have been version 21.0.0.226) to give them time to fix CVE-2016-4117.

Adobe, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for May 2016

Leave a comment

This month, besides the usual pile ‘o patches from Microsoft, we have updates for Adobe Reader/Acrobat, but (big surprise) not for Flash.

There are sixteen Microsoft updates, addressing thirty-seven vulnerabilities in Windows, Internet Explorer, Office, Edge, and .NET. There’s also Microsoft Security Advisory 3155527. At least one of the vulnerabilities (CVE-2016-0189) is being actively exploited. This flaw could allow an attacker to execute malicious code if an unpatched computer visits a malicious or compromised web site.

The Adobe Reader update addresses over ninety vulnerabilities, which must set some kind of record. And not the good kind. If you use Reader in any context, you should update it to address these critical security issues.