Adobe has released critical security updates for Experience Manager, Connect, Flash Player, Photoshop CC and Bridge CC. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Linux and Mac operating systems are affected in addition to Windows.
APSB16-05 (Adobe Experience Manager):
– A URL filter bypass vulnerability that could be used to circumvent dispatcher rules (CVE-2016-0957).
– An information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).
– A cross-site scripting vulnerability that could lead to information disclosure (CVE-2016-0955).
Affected Versions: 6.1.0, 6.0.0, 5.6.0 on Windows, Unix, Linux and OS X.
APSB16-04 (Adobe Flash Player):
– A type confusion vulnerability that could lead to code execution (CVE-2016-0985).
– Use-after-free vulnerabilities that could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).
– A heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971).
– Memory corruption vulnerabilities that could lead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
Affected Versions: 18.104.22.1686 and earlier, 22.214.171.1245 and earlier on Windows and OS X, 126.96.36.1999 and earlier on Unix, Linux.
APSB16-03 (Adobe Connect):
– A Cross-Site Request Forgery protection feature (CVE-2016-0948).
– Insufficient input validation in a URL parameter (CVE-2016-0949).
– A vulnerability that could be used to misrepresent information presented in the user interface (content spoofing) (CVE-2016-0950).
Affected Versions: 9.4.2 and earlier versions on Windows.
Affected Versions: 6.1.1 and earlier versions on Windows and OS X.