Adobe has released two critical security updates, one for Adobe Flash Player (APSB16-32) and one for Adobe Acrobat and Reader (APSB16-33), and one security update for the Adobe Creative Cloud Desktop Application (APSB16-34). The security updates for Adobe Flash Player and for Adobe Acrobat and Reader resolve critical vulnerabilities that allow attackers to take control of the affected systems. The security update for the Adobe Creative Cloud Desktop Application resolves a search path vulnerability that could lead to local privilege escalation.
Here are the details of the critical security updates and the security advisory:
APSB16-32 (Adobe Flash Player):
– A type confusion vulnerability that could lead to code execution (CVE-2016-6992).
– Multiple use-after-free vulnerabilities that could lead to code execution (CVE-2016-6981, CVE-2016-6987).
– A security bypass vulnerability (CVE-2016-4286).
– Multiple memory corruption vulnerabilities that could lead to code execution (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990).
Affected Versions:
Adobe Flash Player Desktop Runtime 23.0.0.162 and earlier on Windows and Macintosh.
Adobe Flash Player Extended Support Release 18.0.0.375 and earlier on Windows and Macintosh.
Adobe Flash Player for Google Chrome 23.0.0.162 and earlier on Windows, Macintosh, Linux and ChromeOS.
Adobe Flash Player for Microsoft Edge and Internet Explorer 23.0.0.162 and earlier on Windows 10 and 8.1.
Adobe Flash Player 11.2.202.635 and earlier on Linux.
APSB16-33 (Adobe Acrobat and Reader):
– Multiple use-after-free vulnerabilities that could lead to code execution (CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993).
– Multiple heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-6939, CVE-2016-6994).
– Multiple memory corruption vulnerabilities that could lead to code execution (CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019).
– A vulnerability that could lead to JavaScript API execution restriction bypass (CVE-2016-6957).
– A security bypass vulnerability (CVE-2016-6958).
– An integer overflow vulnerability that could lead to code execution (CVE-2016-6999).
Affected Versions:
Acrobat DC Continuous 15.017.20053 and earlier versions on Windows and Macintosh.
Acrobat Reader DC Continuous 15.017.20053 and earlier versions on Windows and Macintosh.
Acrobat DC Classic 15.006.30201 and earlier versions on Windows and Macintosh.
Acrobat Reader DC Classic 15.006.30201 and earlier versions on Windows and Macintosh.
Acrobat XI Desktop 11.0.17 and earlier versions on Windows and Macintosh.
Reader XI Desktop 11.0.17 and earlier versions on Windows and Macintosh.
APSB16-34 (Adobe Creative Cloud Desktop Application):
– An unquoted search path vulnerability that could lead to local privilege escalation (CVE-2016-6935).
Affected Versions:
Adobe Creative Cloud Desktop Application 3.7.0.272 and earlier versions on Windows.
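A fleet check against the affected-version lists above, as an added example that is not code from Adobe or from the original post. The product keys and the sample inventory are constructed for illustration; versions are compared numerically and per product branch, because an Extended Support Release build newer than 18.0.0.375 is still numerically below 23.0.0.162, and a plain string comparison would rank 11.0.9 above 11.0.17.

```python
# Highest affected version per product, from this page; keys are hypothetical labels.
AFFECTED_MAX = {
    "flash-desktop": ("APSB16-32", "23.0.0.162"),
    "flash-esr": ("APSB16-32", "18.0.0.375"),
    "flash-chrome": ("APSB16-32", "23.0.0.162"),
    "flash-edge-ie": ("APSB16-32", "23.0.0.162"),
    "flash-linux": ("APSB16-32", "11.2.202.635"),
    "acrobat-dc-continuous": ("APSB16-33", "15.017.20053"),
    "reader-dc-continuous": ("APSB16-33", "15.017.20053"),
    "acrobat-dc-classic": ("APSB16-33", "15.006.30201"),
    "reader-dc-classic": ("APSB16-33", "15.006.30201"),
    "acrobat-xi": ("APSB16-33", "11.0.17"),
    "reader-xi": ("APSB16-33", "11.0.17"),
    "creative-cloud-desktop": ("APSB16-34", "3.7.0.272"),
}

def parse_version(text, width=5):
    """'15.017.20053' -> (15, 17, 20053, 0, 0); ValueError if malformed."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(product, version):
    """True if version <= the page's threshold for that product branch."""
    return parse_version(version) <= parse_version(AFFECTED_MAX[product][1])

def audit(inventory):
    """Return (host, product, version, verdict) for each inventory row."""
    findings = []
    for host, product, version in inventory:
        try:
            verdict = AFFECTED_MAX[product][0] if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            verdict = "review"  # unknown product or unparsable version
        findings.append((host, product, version, verdict))
    return findings

# Constructed sample inventory (not real hosts or scan output).
SAMPLE = [
    ("ws-01", "flash-desktop", "23.0.0.162"),
    ("ws-02", "flash-esr", "18.0.0.376"),
    ("ws-03", "reader-xi", "11.0.9"),
    ("ws-04", "acrobat-dc-classic", "15.006.30202"),
    ("ws-05", "creative-cloud-desktop", "3.7.0.272"),
    ("ws-06", "flash-linux", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

A verdict of "ok" only means the version is above the threshold listed on this page for that branch; "review" rows need a manual look because the product or version could not be matched.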
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.