Tuesday, August 14, 2012

Adobe Update Day!
The first on-time
scheduled update day.

--
For the very first time, Adobe has been able to hold onto its security updates until its scheduled quarterly update day. Imagine that! No zero-day Adobe exploits have shown up in the last few months, allowing Adobe to actually release its intended slew of security updates as intended. They've been attempting this feat for years. Applause please for the incomparable Adobe! ;-)

Here are the updates:

I) Adobe Flash Player v11.3.300.271

The security bulletin is available HERE. The update patches CVE-2012-1535. The security hole involves maliciously crafted Word documents on the Internet that target the ActiveX version of Flash Player for Internet Explorer on Windows. (ActiveX is a wide open door to computer security exploits. Never use it). Apparently, this exploit can nail Mac users who are using ActiveX as well, although Adobe have not made this clear. IOW: Non-critical for Macs.

BTW: August 15, 2012 is The Death Of Flash Day for Android devices. *smirk*

II) Adobe Shockwave Player v11.6.6.636

The security bulletin is available HERE. The update patches CVE-2012-2043, 2044, 2045, 2046 and 2047. All of these security holes involved memory corruption, aka the usual memory management chaos inherent in today's primitive programming languages. IOW: Critical for Macs.

II) Adobe Reader and Adobe Acrobat v10.1.4

The security bulletin is available HERE. The update patches an enormous slew of CVE issues. Here's the list: CVE-2012-1525, 2049, 2050, 2051, 4147, 4148, 4149, 4150, 4151, 4152, 4153, 4154, 4155, 4156, 4157, 4158, 4159, 4160, 4161, 4162. These security holes involve a stack overflow, buffer overflow, a heap overflow and quite a few memory corruption coding problems: aka more of the same memory management chaos inherent in today's primitive programming languages blahblahblah. IOW: CRITICAL for Macs.

Get your updates today! If Adobe manages to keep a cap on new security holes, watch for another set of scheduled updates in November 2012.

BTW: 

Q: Do I believe scheduled security update days are a good idea?

A: HELL NO! They're convenient for the snoozing developer as well as lazy IT employees. The only good schedule is ASAP patching of security holes AS THEY'RE DISCOVERED. The idea is to keep malware rats off-balance and frustrated. Scheduled security updates only enable malware rats to enjoy the rewards of their dirty deeds while their computer victims are forced to sit around and wait for a cure. That's ridiculous. Don't let anyone tell you different! Lazy is lousy. Convenience is chaos. Professionals know better.
--

No comments:

Post a Comment