SecPod

Learn Search

Search across all Learn content

← Back to Security Research
Adobe Security Updates for May 2016

Adobe Security Updates for May 2016

May 11, 2016By Kashinath T2 min read

Adobe has released critical security updates and hotfixes for ColdFusion, Adobe Flash player, Adobe Acrobat and Reader, which covers a total of 136 CVEs.

The security hotfixes for ColdFusion resolves a critical vulnerability on all platforms. The security updates for Adobe Acrobat and Reader resolves a critical vulnerability on Windows and Macintosh, whereas for Adobe Flash player the security updates resolves a critical vulnerability on Windows, Macintosh, Linux and ChromeOS.

APSB16-16 (ColdFusion):
– An important input validation issue that could be abused to conduct cross-site scripting
attacks (CVE-2016-1113).
– An important Java deserialization vulnerability (CVE-2016-1114).
– A moderate host name verification problem (CVE-2016-1115).

Affected Versions in the adobe coldfusion updates: ColdFusion 2016.0.0, ColdFusion 11 Updates 7 and earlier, ColdFusion 10 Update 18 and earlier versions on Windows, Macintosh, Linux and ChromeOS.

APSB16-14 (Adobe Acrobat and Reader):

 An use-after-free vulnerabilities which could lead to code execution (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107).
– The heap buffer overflow vulnerabilities which could lead to code execution (CVE-2016-4091, CVE-2016-4092).
– The memory corruption vulnerabilities which could lead to code execution (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072,CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105).

Affected Versions: Acrobat DC Continuous 15.010.20060 and earlier versions, Acrobat Reader DC Continuous 15.010.20060 and earlier versions, Acrobat DC Classic 15.006.30121 and earlier versions, Acrobat Reader DC Classic 15.006.30121 and earlier versions, Reader XI Desktop 11.0.15 and earlier versions, on Windows and Macintosh.

APSA16-02 (Adobe Flash Player):
– An unspecified vulnerability which could lead to code execution. (CVE-2016-4117)

Affected Versions: Adobe Flash Player 21.0.0.226 and earlier versions.
SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.

– Kashinath

Featured Posts

Open CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE Research

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

Jun 24, 2026

Open CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE Research

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Jun 23, 2026

Open Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests
Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

CVE Research

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026

Open AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure
AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

CVE Research

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

AryStinger represents a calculated shift in IoT threat methodology, abandoning noisy, destructive payloads in favor of silent, long-term reconnaissance infrastructure. By exploiting unpatched, end-of-life routers and NAS devices through decade-old vulnerabilities, the threat operator has assembled a distributed fleet of over 4,300 Executor nodes capable of conducting parallelized DNS enumeration, port scanning, and service fingerprinting at scale, all while masking origin behind residential IP addresses. With active development ongoing and a potential operational timeline stretching back to 2024, AryStinger underscores a growing and underappreciated risk: forgotten edge hardware is not merely a compliance gap but exploitable infrastructure.

Jun 23, 2026

Adobe Security Updates for May 2016 | SecPod