Adobe May 2014 Patch Tuesday
We are now up to 3 bulletins from Adobe.
TL;DR? Current versions in one simple table (I hope I got that right):
Product | Windows | OS X | Linux |
---|---|---|---|
Adobe Reader XI | 11.0.07 | 11.0.07 | - |
Adobe Reader X | 10.1.10 | 10.1.10 | - |
Adobe Flash Player 13 | 13.0.0.214 | 13.0.0.214 | 11.2.202.359 |
Adobe Flash Player (Google Chrome) | 13.0.0.214 | 13.0.0.214 | 13.0.0.214 |
Adobe Flash Player (MSFT Internet Expl) | 13.0.0.214 | - | - |
Adobe Air SDK | 13.0.0.111 | | |
Adobe Illustrator Subscription | 16.2.2 | 16.2.2 | |
Adobe Illustrator Non-Subscription | 16.0.5 | 16.0.5 | |
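An added example (not part of the original diary): a small audit that flags installs older than the versions in the table, comparing version fields numerically because plain string comparison ranks "10.1.9" above "10.1.10". The host names and the inventory rows are constructed sample data.

```python
# Added example: patched versions copied from the table above.
# Keys are (product, platform); the inventory below is constructed sample data.
PATCHED = {
    ("Adobe Reader XI", "windows"): "11.0.07",
    ("Adobe Reader XI", "osx"): "11.0.07",
    ("Adobe Reader X", "windows"): "10.1.10",
    ("Adobe Reader X", "osx"): "10.1.10",
    ("Adobe Flash Player 13", "windows"): "13.0.0.214",
    ("Adobe Flash Player 13", "osx"): "13.0.0.214",
    ("Adobe Flash Player 13", "linux"): "11.2.202.359",
}


def parse_version(text):
    """Turn '10.1.10' into (10, 1, 10) so fields compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(installed, required):
    """True if installed >= required; shorter versions are zero-padded."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory):
    """Return (host, product, installed, required) for every outdated install."""
    findings = []
    for host, product, platform, installed in inventory:
        required = PATCHED.get((product, platform))
        if required is None:
            continue  # product/platform not covered by the table
        if not is_patched(installed, required):
            findings.append((host, product, installed, required))
    return findings


# Constructed inventory rows: (host, product, platform, installed version)
SAMPLE_INVENTORY = [
    ("ws-01", "Adobe Reader X", "windows", "10.1.9"),
    ("ws-02", "Adobe Reader XI", "osx", "11.0.7"),
    ("ws-03", "Adobe Flash Player 13", "linux", "11.2.202.356"),
    ("ws-04", "Adobe Flash Player 13", "windows", "13.0.0.214"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print("OUTDATED: %s %s %s (need %s)" % finding)
```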
APSB14-14: covering Flash Player [1]. It fixes 6 different vulnerabilities, one of which was found earlier this year during the pwn2own contest (CVE-2014-0510).
These vulnerabilities affect Windows, Linux and OS X. Adobe assigned them "Priority 1" indicating that they may have been used in targeted exploits. This makes this a "Patch Now!" vulnerability for us.
CVE-2014-0510: pwn2own vulnerability. Remote code execution with sandbox bypass.
CVE-2014-0516: Same origin bypass
CVE-2014-0517: Security feature bypass
CVE-2014-0518: Security feature bypass
CVE-2014-0519: Security feature bypass
CVE-2014-0520: Security feature bypass
APSB14-15: For Adobe Acrobat and Reader [2]
CVE-2014-0511: pwn2own vulnerability. Remote code execution with sandbox bypass
CVE-2014-0512: pwn2own vulnerability. Remote code execution with sandbox bypass
CVE-2014-0521: information disclosure in Javascript API
CVE-2014-0522: code execution (memory corruption)
CVE-2014-0523: code execution (memory corruption)
CVE-2014-0524: code execution (memory corruption)
CVE-2014-0525: code execution (use after free?)
CVE-2014-0526: code execution (memory corruption)
CVE-2014-0527: code execution (use after free)
CVE-2014-0528: code execution (double free)
CVE-2014-0529: code execution (buffer overflow)
Like the Flash bulletin, this one is rated "Priority 1".
APSB14-11: Hotfix for Adobe Illustrator [3]
CVE-2014-0513: code execution (Stack Overflow)
This bulletin is only rated "Priority 3".
[1] http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
[2] http://helpx.adobe.com/security/products/reader/apsb14-15.html
[3] http://helpx.adobe.com/security/products/illustrator/apsb14-11.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
http://helpx.adobe.com/security/products/reader/apsb14-15.html
http://helpx.adobe.com/security/products/illustrator/apsb14-11.html
Anonymous
May 13th 2014
1 decade ago