security updates for Multiple Adobe Products

Number: AV16-162
Date: 11 October 2016

Purpose

The purpose of this advisory is to bring attention to the recently released security updates for multiple Adobe products.

Assessment

Adobe has released Security Bulletins APSB16-32, APSB16-33, and APSB16-34 to address critical, important and moderate vulnerabilities that could allow an attacker to take control of vulnerable systems. All OS platforms are reported as being impacted.

Affected software versions:

  • Adobe Flash Player Desktop Runtime 23.0.0.162 and earlier (Windows and Macintosh)
  • Adobe Flash Player Extended Support Release 18.0.0.375 and earlier (Windows and Macintosh)
  • Adobe Flash Player for Google Chrome 23.0.0.162 and earlier (Windows, Macintosh, Linux and ChromeOS)
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.162 and earlier (Windows 10 and 8.1)
  • Adobe Flash Player for Linux 11.2.202.635 and earlier (Linux)
  • Acrobat DC 15.017.20053 and earlier versions (Windows and Macintosh)
  • Acrobat Reader DC 15.017.20053 and earlier versions (Windows and Macintosh)
  • Acrobat DC 15.006.30201 and earlier versions (Windows and Macintosh)
  • Acrobat Reader DC 15.006.30201 and earlier versions (Windows and Macintosh)
  • Acrobat XI 11.0.17 and earlier versions (Windows and Macintosh)
  • Reader XI 11.0.17 and earlier versions (Windows and Macintosh)
  • Creative Cloud Desktop Application Creative Cloud 3.7.0.272 and earlier versions (Windows)

CVE References: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992, CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-6935

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

Adobe Security Bulletin:
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html

Date modified: