Adobe Security Updates for June 2016

Jun 15, 2016 | By Tushar K | 3 min read

Adobe has released critical security updates for Adobe Flash Player (APSB16-18), Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21), ColdFusion (APSB16-22) and Adobe AIR (APSB16-23), along with a security advisory for Adobe Flash Player (APSA16-03).

The security update for the Adobe DNG Software Development Kit (SDK) resolves a memory corruption vulnerability. The security updates for Adobe Flash Player resolve critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The security update for Adobe AIR resolves a vulnerability in the directory search path used by the AIR installer that could lead to code execution. The security update for Adobe Brackets resolves a JavaScript injection vulnerability, which could be abused in a cross-site scripting attack, and an input validation vulnerability in the extension manager. The security update for Adobe Creative Cloud Desktop Application resolves a vulnerability in the directory search path used to find resources that could lead to code execution, and an unquoted service path enumeration vulnerability in the Creative Cloud Desktop Application. The security hotfix for ColdFusion resolves an input validation issue that could be used in reflected XSS (cross-site scripting) attacks.

  • Type confusion vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149)
  • Use-after-free vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148)
  • Memory corruption vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171)
  • A vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140)
  • A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2016-4139)

Affected Versions: Adobe Flash Player 21.0.0.242 and earlier versions for Windows and Macintosh.

Adobe Flash Player Extended Support 18.0.0.352 and earlier for Windows and Macintosh.

Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.242 and earlier for Windows 10 and 8.1.

Adobe Flash Player for Google Chrome 21.0.0.242 and earlier for Windows, Macintosh, Linux and ChromeOS.

Adobe Flash Player 11.2.202.621 and earlier for Linux.
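A check against the Flash Player ceilings listed above, as an added example that is not SecPod's or Adobe's code; the channel labels, function names and inventory rows are assumptions constructed for illustration. It compares each build numerically and against the ceiling for its own channel, because a string comparison misreads `21.0.0.99` and a single 21.x ceiling would flag every Extended Support build.

```python
import re

# Ceilings copied from the "Affected Versions" lines above; at or below = affected.
CEILINGS = {
    "desktop": "21.0.0.242",   # Windows and Macintosh
    "esr": "18.0.0.352",       # Extended Support, Windows and Macintosh
    "edge_ie": "21.0.0.242",   # Microsoft Edge / Internet Explorer 11
    "chrome": "21.0.0.242",    # Google Chrome, all listed platforms
    "linux": "11.2.202.621",   # Flash Player for Linux
}  # channel labels are assumptions made for this example


def parse_version(text):
    """Turn '21.0.0.242' into (21, 0, 0, 242) so fields compare as integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version, channel):
    """True when the build is at or below the ceiling for its own channel."""
    if channel not in CEILINGS:
        raise ValueError(f"unknown channel: {channel!r}")
    return parse_version(version) <= parse_version(CEILINGS[channel])


def affected_hosts(inventory):
    """Return host names from (host, channel, version) rows needing the update."""
    return [host for host, channel, version in inventory
            if is_affected(version, channel)]


# Constructed inventory rows (hypothetical hosts and builds), not real data.
INVENTORY = [
    ("ws-01", "desktop", "21.0.0.242"),   # exactly at the ceiling: affected
    ("ws-02", "chrome", "21.0.0.99"),     # 99 < 242 numerically: affected
    ("ws-03", "esr", "18.0.0.999"),       # above the ESR ceiling: not affected
    ("ws-04", "linux", "11.2.202.621"),   # at the Linux ceiling: affected
    ("ws-05", "desktop", "21.0.0.300"),   # above the ceiling: not affected
]

if __name__ == "__main__":
    print(affected_hosts(INVENTORY))
```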

  • A Memory Corruption Vulnerability that could lead to code execution (CVE-2016-4167)

Affected Versions: Adobe DNG SDK 1.4 (2012 release) and earlier versions for Windows and Macintosh.

  • A JavaScript injection vulnerability that could be abused in a cross-site scripting attack (CVE-2016-4164)
  • An Input Validation Vulnerability in the extension manager (CVE-2016-4165)

Affected Versions: Adobe Brackets 1.6 and earlier versions for Windows, Macintosh and Linux.

  • An Untrusted Search Path Vulnerability that could lead to code execution (CVE-2016-4157)
  • An Unquoted Service Path Enumeration Vulnerability in the Creative Cloud Desktop Application (CVE-2016-4158).

Affected Versions: Adobe Creative Cloud 3.6.0.248 and earlier versions for Windows.

  • An important input validation issue that could be exploited to conduct cross-site scripting attacks (CVE-2016-4159)

Affected Versions: ColdFusion (2016 release) Update 1, ColdFusion 11 Update 8 and earlier versions, ColdFusion 10 Update 19 and earlier versions for Windows, Macintosh, Linux and ChromeOS.

  • A vulnerability in the directory search path used by the AIR installer that could lead to code execution (CVE-2016-4126)

Affected Versions: Adobe AIR 21.0.0.215 and earlier for Windows.

  • A critical vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system (CVE-2016-4171)

Affected Versions: Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner and keep your systems updated and secure.
