Number: AV16-141
Date: 13 September 2016
Purpose
The purpose of this advisory is to bring attention to the recently released security updates for multiple Adobe products.
Assessment
Adobe has released Security Bulletins APSB16-28, APSB16-29, and APSB16-30 to address critical vulnerabilities that could allow an attacker to take control of vulnerable systems. All OS platforms are reported as being impacted.
Affected software versions:
- Adobe Digital Editions 4.5.1 and earlier versions
- Adobe Flash Player Desktop Runtime 22.0.0.211 and earlier (Windows and Macintosh)
- Adobe Flash Player Extended Support Release 18.0.0.366 and earlier (Windows and Macintosh)
- Adobe Flash Player for Google Chrome 22.0.0.211 and earlier (Windows, Macintosh, Linux and ChromeOS)
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 22.0.0.211 and earlier (Windows 10 and 8.1)
- Adobe Flash Player for Linux 11.2.202.632 and earlier
- Adobe AIR SDK & Compiler 22.0.0.153 and earlier
CVE References: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263, CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932, CVE-2016-6936
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
Adobe Security Bulletin: