SecPod

Learn Search

Search across all Learn content

← Back to Security Research
Adobe Security Updates for March 2016

Adobe Security Updates for March 2016

Mar 9, 2016By Rinu K2 min read

This March Adobe has released three security updates (APSB16-06, APSB16-09, APSB16-08) for Adobe Digital Editions, Adobe Acrobat, Adobe Reader, Adobe AIR and Adobe Flash Player covering a total of 27 CVE’s. The security update (APSB16-06) for Adobe Digital Editions for Windows, Macintosh iOS and Android resolves a critical vulnerability that could lead to code execution. The security update (APSB16-09) for Adobe Acrobat and Reader for Windows and Macintosh and the security update (APSB16-08) for Adobe AIR and Adobe Flash Player for Windows, Macintosh and Linux address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Here are the details of Critical Security Updates:

APSB16-06 (Adobe Digital Editions):

– A memory corruption vulnerability that can be exploited to execute arbitrary code or cause a denial of service condition on compromised machines (CVE-2016-0954).

Affected Versions:

  • Adobe Digital Editions 4.5.0 and earlier versions on Windows, Macintosh, iOS and Android

APSB16-09 (Adobe Acrobat and Reader) :

Memory corruption vulnerabilities that can be exploited to remotely execute code or to cause denial of service condition on the compromised machines (CVE-2016-1007 and CVE-2016-1009).

A vulnerability in the directory search path used to find resources that can be exploited to remotely execute code on the compromised machines (CVE-2016-1008).

Affected Versions:

  • Adobe Acrobat and Reader continuous 15.010.20059 and earlier versions on Windows and Macintosh
  • Adobe Acrobat and Reader classic 15.006.30119 and earlier versions on Windows and Macintosh
  • Adobe Acrobat and Reader desktop 11.0.14 and earlier versions on Windows and Macintosh

APSB16-08 (Adobe AIR and Adobe Flash Player):

Integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).
Use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).
Heap overflow vulnerability that could lead to code execution (CVE-2016-1001).
Memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).

Affected Versions:

  • Adobe Flash Player 20.0.0.306 and earlier, 18.0.0.329 and earlier versions on Windows and Macintosh, 11.2.202.569 and earlier on Linux.
  • Adobe AIR 20.0.0.260 and earlier on Windows, Macintosh, Android and iOS.

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

  • Rinu Kuriakose

Featured Posts

Open CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE Research

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

Jun 24, 2026

Open CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE Research

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Jun 23, 2026

Open Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests
Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

CVE Research

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026

Open AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure
AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

CVE Research

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

AryStinger represents a calculated shift in IoT threat methodology, abandoning noisy, destructive payloads in favor of silent, long-term reconnaissance infrastructure. By exploiting unpatched, end-of-life routers and NAS devices through decade-old vulnerabilities, the threat operator has assembled a distributed fleet of over 4,300 Executor nodes capable of conducting parallelized DNS enumeration, port scanning, and service fingerprinting at scale, all while masking origin behind residential IP addresses. With active development ongoing and a potential operational timeline stretching back to 2024, AryStinger underscores a growing and underappreciated risk: forgotten edge hardware is not merely a compliance gap but exploitable infrastructure.

Jun 23, 2026

Adobe Security Updates for March 2016 | SecPod