FYI...
Flash 24.0.0.186 released
- https://helpx.adobe.com/security/pro...apsb16-39.html
Dec 13, 2016
CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 24.0.0.186 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 24.0.0.186 by visiting the Adobe Flash Player Download Center
- http://www.adobe.com/go/getflash
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.186 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.186.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037442
CVE Reference: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.207 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (24.0.0.186)...
___
Adobe Animate 16.0.0.112 realeased
- https://helpx.adobe.com/security/pro...apsb16-38.html
Dec 13, 2016
CVE number: CVE-2016-7866
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Animate for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
> https://creative.adobe.com/products/download/animate
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information...
___
Adobe Experience Manager Forms
- https://helpx.adobe.com/security/pro...apsb16-40.html
Dec 13, 2016
CVE number: CVE-2016-6933, CVE-2016-6934
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks...
Solution:... recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team:
> https://helpx.adobe.com/marketing-cl...t-support.html
___
Adobe DNG Converter 9.8
- https://helpx.adobe.com/security/pro...apsb16-41.html
Dec 13, 2016
CVE number: CVE-2016-7856
Platform: Windows and Macintosh
Summary: Adobe has released a security update for the Adobe DNG Converter for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version...
For more information, please reference the release notes:
- https://blogs.adobe.com/lightroomjou...available.html
___
Adobe Experience Manager
- https://helpx.adobe.com/security/pro...apsb16-42.html
Dec 13, 2016
CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
Platform: Windows, Unix, Linux and OS X
Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885)...
Solution: Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0...
6.0: https://docs.adobe.com/docs/en/aem/6...checklist.html
6.1: https://docs.adobe.com/docs/en/aem/6...checklist.html
6.2: https://docs.adobe.com/docs/en/aem/6...checklist.html
___
Security updates available for InDesign
- https://helpx.adobe.com/security/pro...apsb16-43.html
Dec 13, 2016
CVE number: CVE-2016-7886
Platform: Windows and Macintosh
Summary: Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version:
InDesign 12.0.0 Windows and Macintosh:
Relase Notes: https://helpx.adobe.com/indesign/rel...n-cc-2017.html
InDesign Server 12.0.0 Windows and Macintosh
Release Notes: https://helpx.adobe.com/indesign/rel...ase-notes.html
___
ColdFusion Builder
- https://helpx.adobe.com/security/pro...apsb16-44.html
Dec 13, 2016
CVE number: CVE-2016-7887
Platforms: Windows, Linux and Macintosh
Summary: Adobe has released a security update for ColdFusion Builder for Windows, Linux, and Macintosh. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-7887)...
Solution: ... recommends users update their installations to the newest versions:
ColdFusion Builder 2016 Update 3 - Tech note:
> https://helpx.adobe.com/coldfusion/k...-update-3.html
ColdFusion Builder 3.0 3.0.3 Hotfix - Tech note:
> https://helpx.adobe.com/coldfusion/k...-3-update.html
___
Adobe Digital Editions 4.5.3
- https://helpx.adobe.com/security/pro...apsb16-45.html
Dec 13, 2016
CVE numbers: CVE-2016-7888, CVE-2016-7889
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure...
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version 4.5.3 ...
Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.com/solutions/eboo.../download.html
For more information, please reference the release notes:
- http://www.adobe.com/solutions/ebook...ase-notes.html
___
Security update available for RoboHelp 2015.0.4
- https://helpx.adobe.com/security/pro...apsb16-46.html
Dec 13, 2016
CVE number: CVE-2016-7891
Platforms: Windows
Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation issue that could be used in cross-site scripting attacks...
Download: https://www.adobe.com/support/robohelp/downloads.html
Tech note: https://helpx.adobe.com/robohelp/kb/...erability.html
Release notes: https://www.adobe.com/robohelp/Adobe...0_1_ReadMe.pdf
KB article: https://helpx.adobe.com/robohelp/kb/...erability.html