Adobe has released three security updates for Adobe AIR SDK & Compiler (APSB16-31), Adobe Flash Player (APSB16-29), and Adobe Digital Editions (APSB16-28) which covers a total of 35 CVEs . The security update resolves a critical vulnerability for Adobe Flash Player and for AIR it resolves a remote security vulnerability that could potentially allow an attacker to take control of the affected system. The security updates for Digital Editions resolves the memory corruption vulnerabilities that could lead to code execution.
APSB16-29 (Adobe Flash Player):
– An integer overflow vulnerability that could lead to code execution (CVE-2016-4287).
– The use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279,
CVE-2016- 6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927,
CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932).
– The security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278).
– The memory corruption vulnerabilities that could lead to code execution (CVE-2016-4274, CVE-2016-4275,
CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
CVE-2016 -4285, CVE-2016-6922, CVE-2016-6924.
APSB16-28(Adobe Digital Editions):
– The multiple memory corruption vulnerabilities that could lead to code execution (CVE-2016-4256,
CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262).
– The use-after-free vulnerability that could lead to code execution (CVE-2016-4263).
Adobe Flash Player – Prior to 18.104.22.168 on all platforms
Adobe Air SDK & Compiler – 22.214.171.124 and earlier on Windows and Macintosh
Adobe Digital Editions – 4.5.1 and earlier versions on all platforms