Adobe has released critical security updates for Adobe Flash Player (APSB16-18), Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21), ColdFusion (APSB16-22) and Adobe AIR (APSB16-23), along with a security advisory for Adobe Flash Player (APSA16-03). The security update for the Adobe DNG Software Development Kit (SDK) resolves a memory corruption vulnerability. The security updates for Adobe Flash Player resolve critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The security update for Adobe AIR resolves a vulnerability in the directory search path used by the AIR installer that could lead to code execution. The security update for Adobe Brackets resolves a JavaScript injection vulnerability, which could be abused in a cross-site scripting attack, and an input validation vulnerability in the extension manager. The security update for Adobe Creative Cloud Desktop Application resolves a vulnerability in the directory search path used to find resources that could lead to code execution, and an unquoted service path enumeration vulnerability in the Creative Cloud Desktop Application. The security hotfix for ColdFusion resolves an input validation issue that could be used in reflected XSS (cross-site scripting) attacks.
Here are the details of the critical security updates and the security advisory:
APSB16-18 (Adobe Flash Player):
- Type Confusion Vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149)
- Use-after-free Vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148)
- Memory Corruption Vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171)
- A vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140)
- A vulnerability that could be exploited to bypass the same-origin policy and lead to information disclosure (CVE-2016-4139)
Affected Versions: Adobe Flash Player 21.0.0.242 and earlier versions for Windows and Macintosh.
Adobe Flash Player Extended Support 18.0.0.352 and earlier for Windows and Macintosh.
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.242 and earlier for Windows 10 and 8.1.
Adobe Flash Player for Google Chrome 21.0.0.242 and earlier for Windows, Macintosh, Linux and ChromeOS.
Adobe Flash Player 11.2.202.621 and earlier for Linux.
APSB16-19 (Adobe DNG SDK):
- A Memory Corruption Vulnerability that could lead to code execution (CVE-2016-4167)
Affected Versions: Adobe DNG SDK 1.4 (2012 release) and earlier versions for Windows, Macintosh.
APSB16-20 (Adobe Brackets):
- A JavaScript injection vulnerability that could be abused in a cross-site scripting attack (CVE-2016-4164)
- An Input Validation Vulnerability in the extension manager (CVE-2016-4165)
Affected Versions: Adobe Brackets 1.6 and earlier versions for Windows, Macintosh and Linux.
APSB16-21 (Adobe Creative Cloud Desktop Application):
- An Untrusted Search Path Vulnerability that could lead to code execution (CVE-2016-4157)
- An Unquoted Service Path Enumeration Vulnerability in the Creative Cloud Desktop Application (CVE-2016-4158)
Affected Versions: Adobe Creative Cloud 3.6.0.248 and earlier versions for Windows.
APSB16-22 (ColdFusion):
- An important input validation issue that could be exploited to conduct cross-site scripting attacks (CVE-2016-4159)
Affected Versions: ColdFusion (2016 release) Update 1, ColdFusion 11 Update 8 and earlier versions, ColdFusion 10 Update 19 and earlier versions for Windows, Macintosh, Linux and ChromeOS.
APSB16-23 (Adobe AIR):
- A vulnerability in the directory search path used by the AIR installer that could lead to code execution (CVE-2016-4126)
Affected Versions: Adobe AIR 21.0.0.215 and earlier for Windows.
APSA16-03 (Adobe Flash Player):
- A critical vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system (CVE-2016-4171)
Affected Versions: Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.