Threat Level: green Handler on Duty: John Bambenek

SANS ISC: Adobe Patch Tuesday - February 2016 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Patch Tuesday - February 2016

APSB16-03: Adobe Photoshop CC and Bridge CC

3 critical vulnerabilities that could lead to code execution with a priority rating of 3 (low): CVE-2016-0951, CVE-2016-0952, CVE-2016-0953. You may have to download the updates directly from Adobe as they will not show up in Creative Cloud Packager!

APSB16-04: Adobe Flash Player

22 critical vulnerabilities that could lead to code execution. The priority rating is 1 for Flash Player (including the Flash Player embedded in Chrome/Edge/Internet Explorer 11) . 

APSB16-05: Adobe Experience Manager

4 important vulnerabilities that could lead to information disclosure. This includes fixes for the Java deserialization issues. 

APSB16-07: Adobe Connect

3 important vulnerabilities that lead to input validation and content spoofing issues. (including cross site request forgery). The priority rating for this update is 1 (low).

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich March 2019

Johannes

3368 Posts
ISC Handler
As a clarification, Photoshop CC 2014 is the only version that will not patch through the updater. (The updater should be bugging you to migrate to the CC 2015 release.) Photoshop CC 2015 does update through the updater. Given that anyone with a CC subscription for the 2014 release will be entitled to the 2015 release, there are very few good reasons for anyone to be running the 2014 version.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!