-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0037 Title: Security updates available for Adobe Flash Player [1] Version history: 19.04.2013 Initial publication Summary ======= Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. CVE names: [2] CVE-2013-1378 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2013-1379 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2013-1380 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2013-2555 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) Vulnerable systems ================== Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh Adobe Flash Player 11.2.202.275 and earlier versions for Linux Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions What can you do? ================ Adobe recommends ColdFusion customers update their installation using the instructions provided in the SOLUTION point of its bulletin [1]. What to tell your users? ======================== Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users are to be aware not to click on the link in suspicious emails; to immediately forward the suspicious email to the respective IT security officer / contact in your institution. More information ================ [1] http://www.adobe.com/support/security/bulletins/apsb13-11.html [2] http://web.nvd.nist.gov/ Best regards, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJRcVyJAAoJEPpzpNLI8SVo2BoP/iH3CAyqVLKRR3LoEHtKRV2n yQUaSYTbKu/usBSikIGrYrxFJCh7xrHKcCPaTl0uJAIBGSR7u4J3YPGVrfRUHE8p KeY8YPuDjVc/zhRhMeBanCZFT+dFsCpwrM91nWOYwXRXdBbbOp96V/O2cMBah3Su vWXuNgLhxu/xofQaky5SzStnahAk36krG/O7OrCc9OqccCC0SFhNdS4sKJGLJF8o l+tj1SlRWPCGjpaHYN2KU9dcj4JYUtzIKMRYJu+QCiiqwDk1J1Tr5S4I4bhqgYQ4 JVGb8Z42PHSOjh5MWxAhD/QK9K4ovXRGQr1xbYinWta3xP1E4C6tW0EzFFHSqVUb 2WgjatisBepUxCzl7jZevnTX33dhoXVZpzzKosaaswaSTJhRwLSdmjaznyqMFrSo nPVbAQ+YLqBr6gr3mdg2KDZvyrLeIKPDFEwWfppA5gdRJbqFwQYeBzA9DqHrsLVv KeQzsklR1myGtDzQ7P8Brrpntnd1K8so6XMzeC8VGwshwA+tpmbPfrZjS3Yloj+Z BzygqzWFmQS0Xbcd0VeJ7DAfPjG+pumrM/4Ur39c2c6e1FO94deqtCRR7uptXu9a J2kQDgY7gFSnd+pkV9g07eZBLDT8u9aKh0kX7EX8Ef6E8yJD3HIgSbowb8wYFKHK WUI3eo93sGjaw+ROp76F =Tqg1 -----END PGP SIGNATURE-----