A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.
Adobe said thus far no exploits of CVE-2016-4118, which carries a 3 rating, have been reported in the wild. The company urged on-premise users to upgrade to version 9.5.3 after meeting certain prerequisites – Adobe Connect 8.x and Connect 9.x users must first update to Connect 9.5.x before they can apply the patch. Adobe began hosting 9.5.3 on May 13 and those organizations using Adobe managed customer specific cloud deployment of Connect should contact their representatives to schedule an update.
The company gave the nod to researcher Anand Bhat for reporting the vulnerability.
The upgrade also included a number of improvements to Connect, including issues where “slide changes during recording playback on seeking” and “upon changing the layout on quick succession, the share pod did not load.”