Your one-stop web resource providing safety and security information to manufacturers

Adobe issued security updates for Flash Player, Acrobat, Reader, and XMP Toolkit for Java, to address multiple critical vulnerabilities.

This month, 52 security bugs ended up fixed in Flash Player, including vulnerabilities under attack or have a higher risk of being a target.

Adobe Patches Zero Day Hole
APT Group Leverages Flash Zero Day
Exploit Kit Leverages Flash Zero Day
Adobe Fixes Connect Hole

Adobe Flash Player and Flash Player Extended Support Release for Windows and Mac, Adobe Flash Player for Linux resolve these issues.

The vulnerabilities also ended up fixed in version of Adobe Flash Player for Google Chrome for Windows, Macintosh, Linux and ChromeOS and of Adobe Flash Player for Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1.

Schneider Bold

The update fixes type confusion flaws (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225), use-after-free bugs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248), a heap buffer overflow vulnerability (CVE-2016-4249), stack corruption issues (CVE-2016-4176, CVE-2016-4177), and 33 memory corruption vulnerabilities that could lead to code execution.

Adobe also mitigated a race condition vulnerability that could lead to information disclosure (CVE-2016-4247), a memory leak vulnerability (CVE-2016-4232), and a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178) in Flash Player.

As always, users should update the runtime via the official channels to stay protected.

For Acrobat and Reader, there were 30 security flaws for Windows and Mac OS X, most of which could result in code execution and could potentially allow an attacker to take control of the affected system.

The new patches are available for the Continuous and Classic tracks, as well as for Acrobat XI and Reader XI releases.

The resolved vulnerabilities include an integer overflow issue (CVE-2016-4210), a use-after-free vulnerability (CVE-2016-4190), and a heap buffer overflow bug (CVE-2016-4209), as well as 26 memory corruption vulnerabilities. Additionally, the security patches address various methods to bypass restrictions on Javascript API execution (CVE-2016-4215).

Acrobat DC and Acrobat Reader DC version 15.017.20050 (Continuous track) and 15.006.30198 (Classic track) and Acrobat XI and Reader XI version 11.0.17 (Desktop track) resolve the issues. Although there are currently no known exploits for these flaws, users are advised to update their software as soon as possible to stay protected.

The security update released for Adobe XMP Toolkit for Java resolves a vulnerability associated with the parsing of crafted XML external entities in XMPCore that could lead to information disclosure (CVE-2016-4216). Discovered by Tim Allison of the MITRE corporation, the flaw ended up resolved in version 5.1.3 of the product, Adobe said.

Pin It on Pinterest

Share This