Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Adobe Patch Tuesday - February 2016 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Patch Tuesday - February 2016

APSB16-03: Adobe Photoshop CC and Bridge CC

3 critical vulnerabilities that could lead to code execution with a priority rating of 3 (low): CVE-2016-0951, CVE-2016-0952, CVE-2016-0953. You may have to download the updates directly from Adobe as they will not show up in Creative Cloud Packager!

APSB16-04: Adobe Flash Player

22 critical vulnerabilities that could lead to code execution. The priority rating is 1 for Flash Player (including the Flash Player embedded in Chrome/Edge/Internet Explorer 11) . 

APSB16-05: Adobe Experience Manager

4 important vulnerabilities that could lead to information disclosure. This includes fixes for the Java deserialization issues. 

APSB16-07: Adobe Connect

3 important vulnerabilities that lead to input validation and content spoofing issues. (including cross site request forgery). The priority rating for this update is 1 (low).


Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS Cyber Defence Japan August 2022


4515 Posts
ISC Handler
Feb 9th 2016
As a clarification, Photoshop CC 2014 is the only version that will not patch through the updater. (The updater should be bugging you to migrate to the CC 2015 release.) Photoshop CC 2015 does update through the updater. Given that anyone with a CC subscription for the 2014 release will be entitled to the 2015 release, there are very few good reasons for anyone to be running the 2014 version.

Sign Up for Free or Log In to start participating in the conversation!