Cloud Security, Patch/Configuration Management, Vulnerability Management

Patch Tuesday: Adobe fixes critical Flash Player, Acrobat and Reader vulnerabilities

Adobe's October Patch Tuesday roll-out featured three bulletins covering 84 vulnerabilities for Flash Player, Reader, Acrobat and Creative Cloud Desktop Application with all but one being rated as critical.

Adobe is not aware of any of the issues being live in the wild.

The 12 Flash Player issues addressed in bulletin APSB16-32 affect Flash Player Desktop Runtime, Extended Support Release, Flash Player for Chrome, Microsoft Edge, IE 11 and Linux. If left unpatched Adobe reported they could allow an unauthorized person to take control of the system.

The 71 CVE's found in bulletin APSB16-33 are for Acrobat and Reader for the Windows and Macintosh platforms. Sixty-nine of the updates fix problem that can lead to remote code execution if left unpatched, while CVE-2016-6957 resolves various methods to bypass restrictions on Javascript API execution and CVE-2016-6958 fixes a security bypass vulnerability.

Adobe only issues updates for Acrobat and Reader on a quarterly basis.

Adobe bulletin APSB16-34 only covered one issue for Creative Cloud Desktop Application, CVE-2016-6935. This is none critical update patches unquoted search path vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.