قالب وردپرس درنا توس
Home / Mac / Flash 22.0.0.192 and AIR 22.0.0.153 updates plus other Adobe security updates

Flash 22.0.0.192 and AIR 22.0.0.153 updates plus other Adobe security updates



Adobe Flash and AIR Updates:


Adobe should disseminate a security update of Adobe Flash and therefore AIR Tuesday, June 1

4th. However, a Flash zero-day utilization was detected, and Adobe delayed the update to today, Thursday, June 16th. Adobe has posted a security bulletin warning in this regard. If this sounds familiar, the same scenario will be played in May as well. (0_o)


The new versions are Flash v22.00.192 and AIR v22.0.0.153 .



You can find current versions of Adobe Flash and AIR here:



https://get.adobe.com/flashplayer/



https: //get.adobe. com / air / download /


– – [[19659010] Adobe Flash v22.00.192 update:


https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Vulnerabilities
These updates resolve the type of confusion issues that could lead to code execution (CVE-2016-4144, CVE-2016-4149).

These updates resolve usage issues that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).

These updates resolve vulnerability vulnerabilities that could lead to code execution (CVE-2016-4135, CVE- 2016-4136, CVE-2016-4138).

These updates resolve memory corruption Vulnerable cars that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4123, 4128, CVE-2016-4129, CVE-2016-4131, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 .

These updates resolve a vulnerability in the directory search path that is used to find resources that could lead to code execution (CVE-2016-4140).

These updates resolve a vulnerability that can be exploited to bypass the same – origin policy and lead to information information (CVE-2016-4139).

The CVE currently being used In-The-Wild is CVE-2016-4171 in bold. Want to know more about this exploitation, please read by Dan Goodin's article on the subject: [19659019] Critical Adobe Flash error during active attack currently has no patch
Exploit works against the latest version; Adobe plans are updated later this week.



Adobe AIR v22.0.0.153 Update:



https://helpx.adobe.com/security/products/air/apsb16-23.html [19659012] Vulnerability Details

This update resolves A vulnerability in the directory search path used by the Air (sic) installer that could lead to code execution (CVE-2016-4116).

Note that this is actually a vulnerability found in AIR's previous installer .

~ ~ ~ ~ ~


other Adobe security updates from Tuesday, June 14th:


Adobe ColdFusion hotfixes available:


] https://helpx.adobe.com/security/products/coldfusion /apsb16-22.html

Security Details

These hotfixes resolve an important submission issue (CVE-2016-4159) that can be exploited to perform cross-site scripting attacks.


Adobe Creative Cloud Desktop Application v3.7.0.272 Update 9039]:


https://helpx.adobe.com/security/products/ creative-cloud / apsb16-21.html

Vulnerability Details

This update resolves a vulnerability in the directory search path used to find resources that could lead to code purchases (CVE-2016-4157).

This update resolves an unauthorized vulnerability vulnerability vulnerability in the Creative Cloud Desktop Application (CVE-2016-4158).

Adobe Brackets v1.7 Update :


https://helpx.adobe.com/security/products/brackets/apsb16-20.html

Security Issues Details
This The update resolves a JavaScript injection problem that may be misused in a cross-site scripting attack (CVE-2016-4164).

This update addresses a vulnerability in the Enhancement Manager setup process (CVE-2016-4165).

Adobe DNG Software Development Kit (SDK) 1.4 (2016 release) Update:




Source link