Sunday, January 8, 2017
Happy Adobe Security Update Day For July
Happy Adobe Security Update Day For July
--
Adobe Flash - 52 critical CVEs patched
Adobe Acrobat and Reader - 32 critical CVEs patched
Adobe XMP Tool for Java - 1 CVE patched
The links above lead to accompanying Adobe security bulletins.
So wheres the required Adobe AIR update? After all, Adobe Flash is integrated into Adobe AIR! Nothing new. Thats worrying. If youre running AIR, be sure to have it self-check for updates!
Where to get the security updates:
Adobe Flash
Adobe Acrobat
Adobe Reader
Adobe XMP Tool for Java
The Gory Details
Adobe Flash Vulnerability Details
These updates resolve a race condition vulnerability that could lead to information disclosure (CVE-2016-4247).
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4249).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246).
These updates resolve a memory leak vulnerability (CVE-2016-4232).
These updates resolve stack corruption vulnerabilities that could lead to code execution (CVE-2016-4176, CVE-2016-4177).
These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178).
Adobe Acrobat and Reader Vulnerability Details
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4210).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-4190).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4209).
These updates resolve various methods to bypass restrictions on Javascript API execution (CVE-2016-4215).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4189, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252).
Adobe XMP Tool for Java Vulnerability Details
This update resolves an issue associated with the parsing of crafted XML external entities in XMPCore that could lead to information disclosure (CVE-2016-4216).
Stay safe out there kids!
--
Available link for download