Adobe Security Updates for February 2016

Adobe has released critical security updates February 2016 for Experience Manager, Connect, Flash Player, Photoshop CC and Bridge CC. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The Linux and Mac operating systems are affected apart from Windows.

Here are the details of 4 Critical Security Updates February 2016 :

APSB16-05 (Adobe Experience Manager ) :
– A URL filter bypass vulnerability that could be used to circumvent dispatcher rules (CVE-2016-0957).
– An information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).
– A cross-site scripting vulnerability that could lead to information disclosure (CVE-2016-0955).

Affected Versions: 6.1.0, 6.0.0, 5.6.0 on Windows, Unix, Linux and OS X.

APSB16-04 (Adobe Flash Player ):
– A type confusion vulnerability that could lead to code execution (CVE-2016-0985).
– An use-after-free vulnerabilities that could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).
– A heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971).
– The memory corruption vulnerabilities that could lead to code execution
(CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981).

Affected Versions: 18.0.0.326 and earlier, 20.0.0.305 and earlier on Windows and OS X, 11.2.202.559 and earlier on Unix, Linux.

APSB16-03 (Adobe Connect ):
– A Cross-Site Request Forgery protection feature (CVE-2016-0948).
– An insufficient input validation in a URL parameter (CVE-2016-0949).
– A vulnerability that could be used to misrepresent information presented in the user interface (content spoofing) (CVE-2016-0950).

Affected Versions: 9.4.2 and earlier versions on Windows.

APSB16-07 (Adobe Photoshop CC and Bridge CC ):
– The memory corruption vulnerabilities that could lead to code execution (CVE-2016-0951, CVE-2016-0952, CVE-2016-0953).

Affected Versions: 6.1.1 and earlier versions on Windows and OS X.

SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.

Kashinath

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

Jun 24, 2026

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE Research

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Jun 23, 2026

CVE Research

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026

CVE Research

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

AryStinger represents a calculated shift in IoT threat methodology, abandoning noisy, destructive payloads in favor of silent, long-term reconnaissance infrastructure. By exploiting unpatched, end-of-life routers and NAS devices through decade-old vulnerabilities, the threat operator has assembled a distributed fleet of over 4,300 Executor nodes capable of conducting parallelized DNS enumeration, port scanning, and service fingerprinting at scale, all while masking origin behind residential IP addresses. With active development ongoing and a potential operational timeline stretching back to 2024, AryStinger underscores a growing and underappreciated risk: forgotten edge hardware is not merely a compliance gap but exploitable infrastructure.

Jun 23, 2026

Search across all Learn content

Adobe Security Updates for February 2016

Featured Posts

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

Customers

Learn

Support