Adobe has released critical security updates and hotfixes for ColdFusion, Adobe Flash player, Adobe Acrobat and Reader, which covers a total of 136 CVEs.
The security hotfixes for ColdFusion resolves a critical vulnerability on all platforms. The security updates for Adobe Acrobat and Reader resolves a critical vulnerability on Windows and Macintosh, whereas for Adobe Flash player the security updates resolves a critical vulnerability on Windows, Macintosh, Linux and ChromeOS.
Here are the details of 3 Critical Security Updates:
APSB16-16 (ColdFusion):
– An important input validation issue that could be abused to conduct cross-site scripting
attacks (CVE-2016-1113).
– An important Java deserialization vulnerability (CVE-2016-1114).
– A moderate host name verification problem (CVE-2016-1115).
Affected Versions in the adobe coldfusion updates: ColdFusion 2016.0.0, ColdFusion 11 Updates 7 and earlier, ColdFusion 10 Update 18 and earlier versions on Windows, Macintosh, Linux and ChromeOS.
APSB16-14 (Adobe Acrobat and Reader):
– An use-after-free vulnerabilities which could lead to code execution (CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, CVE-2016-4107).
– The heap buffer overflow vulnerabilities which could lead to code execution (CVE-2016-4091, CVE-2016-4092).
– The memory corruption vulnerabilities which could lead to code execution (CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105).
Affected Versions: Acrobat DC Continuous 15.010.20060 and earlier versions, Acrobat Reader DC Continuous 15.010.20060 and earlier versions, Acrobat DC Classic 15.006.30121 and earlier versions, Acrobat Reader DC Classic 15.006.30121 and earlier versions, Reader XI Desktop 11.0.15 and earlier versions, on Windows and Macintosh.
APSA16-02 (Adobe Flash Player):
– An unspecified vulnerability which could lead to code execution. (CVE-2016-4117)
Affected Versions: Adobe Flash Player 21.0.0.226 and earlier versions.
SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.
– Kashinath