Thursday, November 16, 2017

Adobe DNG Converter Patch Available

Adobe has released an updated version of their Adobe DNG Converter for Windows. The update fixes a critical memory corruption vulnerability (CVE-2017-11295).

Affected are Adobe DNG Converter versions older than 10.0.

More information is available in Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix two vulnerabilities rated important (CVE-2017-3111 and CVE-2017-11296) and one vulnerability rated moderate (CVE-2017-3109).

Affected are versions 6.0, 6.1, 6.2 and 6.3.

More information is available in Adobe's security advisory.

Shockwave Player Updated

Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to remote code execution (CVE-2017-11294).

Users of Adobe Shockwave Player 12.2.9.199 and earlier should update to Adobe Shockwave Player 12.3.1.201.

More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an XML external entity processing vulnerability, rated critical, that could lead to information disclosure; out-of-bounds read vulnerabilities that could lead to the disclosure of memory addresses; and a memory corruption vulnerability that could lead to the disclosure of memory addresses.

Affected versions are Adobe Digital Editions 4.5.6 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.7).

More information (including download instructions for the new version) can be read from Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2017-11302) that could be abused to execute code remotely. The vulnerability is caused by improper handling of a malformed .inx file.

Affected versions:
- Adobe InDesign earlier than 13.0


More information can be read from Adobe's security bulletin.

Wednesday, November 15, 2017

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: version 2017.012.20098 and earlier
- Acrobat 2017 and Acrobat Reader 2017: version 2017.011.30066 and earlier
- Acrobat DC and Acrobat Reader DC, classic track: version 2015.006.30355 and earlier
- Series XI (11.x): Adobe Reader 11.0.22 and earlier, Adobe Acrobat 11.0.22 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. With the default installation configuration, automatic updates run on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect for Windows. The new update resolves a critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2017-11291) that could be abused to bypass network access controls. The update also contains fixes for three input validation vulnerabilities (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289) that could be used in cross-site scripting attacks. In addition to these, the update contains a mitigation to help protect users from clickjacking attacks (CVE-2017-11290).

Affected versions:
- Adobe Connect earlier than 9.7


More information can be read from Adobe's security bulletin.