This March Adobe has released three security updates (APSB16-06, APSB16-09, APSB16-08) for Adobe Digital Editions, Adobe Acrobat, Adobe Reader, Adobe AIR and Adobe Flash Player covering a total of 27 CVE’s. The security update (APSB16-06) for Adobe Digital Editions for Windows, Macintosh iOS and Android resolves a critical vulnerability that could lead to code execution. The security update (APSB16-09) for Adobe Acrobat and Reader for Windows and Macintosh and the security update (APSB16-08) for Adobe AIR and Adobe Flash Player for Windows, Macintosh and Linux address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Here are the details of Critical Security Updates:
APSB16-06 (Adobe Digital Editions):
– A memory corruption vulnerability that can be exploited to execute arbitrary code or cause a denial of service condition on compromised machines (CVE-2016-0954).
Affected Versions:
- Adobe Digital Editions 4.5.0 and earlier versions on Windows, Macintosh, iOS and Android
APSB16-09 (Adobe Acrobat and Reader) :
– Memory corruption vulnerabilities that can be exploited to remotely execute code or to cause denial of service condition on the compromised machines (CVE-2016-1007 and CVE-2016-1009).
– A vulnerability in the directory search path used to find resources that can be exploited to remotely execute code on the compromised machines (CVE-2016-1008).
Affected Versions:
- Adobe Acrobat and Reader continuous 15.010.20059 and earlier versions on Windows and Macintosh
- Adobe Acrobat and Reader classic 15.006.30119 and earlier versions on Windows and Macintosh
- Adobe Acrobat and Reader desktop 11.0.14 and earlier versions on Windows and Macintosh
APSB16-08 (Adobe AIR and Adobe Flash Player):
– Integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).
– Use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).
– Heap overflow vulnerability that could lead to code execution (CVE-2016-1001).
– Memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).
Affected Versions:
- Adobe Flash Player 20.0.0.306 and earlier, 18.0.0.329 and earlier versions on Windows and Macintosh, 11.2.202.569 and earlier on Linux.
- Adobe AIR 20.0.0.260 and earlier on Windows, Macintosh, Android and iOS.
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
- Rinu Kuriakose