Adobe Security Updates For December 2016

  • Post author:
  • Reading time:9 mins read

Adobe has released four critical Security Updates December 2016  for Adobe Animate (APSB16-38), Adobe Flash Player (APSB16-39), Adobe DNG Converter (APSB16-41), Adobe InDesign (APSB16-43) and five important security updates for Adobe Experience Manager (AEM) Forms (APSB16-40), Adobe Experience Manager (APSB16-42),  Adobe ColdFusion Builder (APSB16-44), Adobe Digital Editions (APSB16-45), and Adobe RoboHelp (APSB16-46) which covers a total of 30 CVEs.

The security update for Adobe Animate, Adobe DNG Converter and Adobe InDesign resolves a critical memory corruption vulnerability. The Security Updates December 2016 for Adobe Flash Player resolve use-after-free, buffer overflow, memory corruption vulnerabilities that could lead to code execution.

The security updates for Adobe Experience Manager (AEM) Forms, Adobe Experience Manager, Adobe RoboHelp resolve an important input validation issue that could lead to code execution and cross-site scripting attacks. The security updates for Adobe ColdFusion Builder, Adobe Digital Editions resolves an important vulnerability that could lead to information disclosure and a memory address leak respectively.

The most notable update was APSB16-39 resolving 17 total vulnerabilities for Flash Player which fixed a zero-day vulnerability with exploits in the wild that is being used in targeted attacks against users running the 32-bit version of IE on Windows.

Here are the details of Critical Security Updates and security Advisory:

Adobe Animate (APSB16-38):
– The memory corruption vulnerability (CVE-2016-7866).

Affected Versions:

  • Adobe Animate 15.2.1.95 and earlier versions on Windows and Macintosh

Adobe Flash Player (APSB16-39):
– The use-after-free vulnerabilities that could lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
– The buffer overflow vulnerabilities that could lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
– The memory corruption vulnerabilities that could lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).

Affected Versions:

  • Adobe Flash Player Desktop Runtime 23.0.0.207 and earlier on Windows and Macintosh.
  • Adobe Flash Player for Google Chrome 23.0.0.207 and earlier on Windows, Macintosh, Linux and Chrome OS.
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.207 and earlier on Windows 10 and 8.1.
  • Adobe Flash Player for Linux 11.2.202.644 and earlier on Linux.

Adobe Experience Manager (AEM) Forms (APSB16-40):
– An input validation issue in the AACComponent that could be used in cross-site scripting attacks (CVE-2016-6933).
– An input validation issue in the PMAdmin module that could be used in cross-site scripting attacks (CVE-2016-6934).

Affected Versions:

  • Adobe Experience Manager Forms 6.2, 6.1, 6.0 on Windows, Linux, Solaris, and AIX.

Adobe DNG Converter (APSB16-41):
– The memory corruption vulnerability (CVE-2016-7856).

Affected Versions:

  • Adobe DNG Converter 9.7 and earlier versions on Windows and Macintosh.

Adobe Experience Manager (APSB16-42):
– An important input validation issue in WCMDebug filter that could be used in cross-site scripting attacks (CVE-2016-7882).
– An important input validation issue in creates launch Wizard that could be used in cross-site scripting attacks (CVE-2016-7883).
– An important input validation issue in DAM create assets that could be used in cross-site scripting attacks (CVE-2016-7884).
– The Cross-Site Request Forgery in the Jackrabbit component (CVE-2016-7885).

Affected Versions:

  • Adobe Experience Manager 6.2, 6.1, 6.0 on all platform.

Adobe InDesign (APSB16-43):
– The memory corruption vulnerability. (CVE-2016-7886).

Affected Versions:

  •  Adobe InDesign 11.4.1 and earlier versions on Windows and Macintosh.
  • Adobe InDesign Server 11.0.0 and earlier versions on Windows and Macintosh.

Adobe ColdFusion Builder (APSB16-44):
– An important vulnerability that could lead to information disclosure. (CVE-2016-7887).

Affected Versions:

  • Adobe ColdFusion Builder 2016 Update 2 and earlier versions on Windows, Linux, and Macintosh.
  • Adobe ColdFusion Builder 3.0.3 and earlier versions on Windows, Linux, and Macintosh.

Adobe Digital Editions (APSB16-45):
– A vulnerability that could lead to a memory address leak (CVE-2016-7888).
– An issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2016-7889).

Affected Versions:

  • Adobe Digital Editions 4.5.2 and earlier versions on Windows, Macintosh, and Android.

Adobe RoboHelp (APSB16-45):
–  An important input validation issue that could be used in cross-site scripting attacks (CVE-2016-7891).

Affected Versions:

  • Adobe RoboHelp 2015.0.3 and earlier versions on Windows.
  • Adobe RoboHelp 11 and earlier versions on Windows.

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Share this article