Hello everyone,
This month there are 6 patch releases from Adobe and 1 for both Chrome and Firefox. A security advisory for Adobe Flash was released this month stating that there are active attacks exploiting CVE-2016-4171. Apply the patch for Adobe Flash as soon as possible since attackers are using spearphishing emails with malicious links to exploit this vulnerability. Chrome and Firefox both resolve numerous vulnerabilities in their newest release. Finish off this month of non-Microsoft patches by reviewing the remaining Adobe patches for Air, ColdFusion, DNG, Brackets, and Creative Cloud.
|
Randy The Tech Professor |
June 2016: Third Party (Non-Microsoft) Patches |
||||
|
Identifier |
Vendor/Product |
Product Version Affected |
Date Released by Vendor |
Vulnerability Info. |
Vendor |
|
CVE-2016-4126 |
Adobe Air |
21.0.0.215 and earlier |
6/16/2016 |
Arbitrary Code Execution |
Priority3/Update:admin’s discretion |
|
Adobe Flash |
Win/Mac 21.0.0.242 and earlier ESR 18.0.0.352 and earlier Linux 11.2.202.621 and earlier |
6/16/2016 |
Arbitrary Code Execution |
Priority1/Update as soon as possible |
|
|
CVE-2016-4167 |
Adobe DNG |
14 and earlier |
6/14/2016 |
Arbitrary Code Execution, Denialof Service |
Priority3/Update:admin’s discretion |
|
Adobe Brackets |
1.6 and earlier |
6/14/2016 |
Cross-Site Scripting |
Priority3/Update:admin’s discretion |
|
|
Adobe Creative Cloud |
3.6.0.248 and earlier |
6/14/2016 |
Privilege Escalation |
Priority3/Update:admin’s discretion |
|
|
CVE-2016-4159 |
Adobe ColdFusion |
10u19 and earlier 11u8 and earlier 2016u1 |
6/14/2016 |
Cross-Site Scripting |
Priority2/Update within 30 days |
|
Google Chrome |
Before 51.0.2704.106 |
6/23/2016 |
Denial Service, Security Bypass, Information Disclosure, Spoofing |
Update after testing |
|
|
Mozilla Firefox |
Before 47 |
6/7/2016 |
Arbitrary Code Execution, Denial Service, Cross-Site Scripting, Spoofing, Security Bypass |
Update as soon as possible |
|
Best wishes,
Randy Knowles
