My next class:

Adobe Patch Tuesday - February 2016

Published: 2016-02-09. Last Updated: 2016-02-09 18:43:15 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

APSB16-03: Adobe Photoshop CC and Bridge CC

3 critical vulnerabilities that could lead to code execution with a priority rating of 3 (low): CVE-2016-0951, CVE-2016-0952, CVE-2016-0953. You may have to download the updates directly from Adobe as they will not show up in Creative Cloud Packager!

APSB16-04: Adobe Flash Player

22 critical vulnerabilities that could lead to code execution. The priority rating is 1 for Flash Player (including the Flash Player embedded in Chrome/Edge/Internet Explorer 11) . 

APSB16-05: Adobe Experience Manager

4 important vulnerabilities that could lead to information disclosure. This includes fixes for the Java deserialization issues. 

APSB16-07: Adobe Connect

3 important vulnerabilities that lead to input validation and content spoofing issues. (including cross site request forgery). The priority rating for this update is 1 (low).

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: adobe path tuesday
1 comment(s)
My next class:

Comments

As a clarification, Photoshop CC 2014 is the only version that will not patch through the updater. (The updater should be bugging you to migrate to the CC 2015 release.) Photoshop CC 2015 does update through the updater. Given that anyone with a CC subscription for the 2014 release will be entitled to the 2015 release, there are very few good reasons for anyone to be running the 2014 version.

Diary Archives