Adobe Security Bulletin

Security updates available for InDesign

Release date: December 13, 2016

Vulnerability identifier: APSB16-43

Priority: 3

CVE number: CVE-2016-7886

Platform: Windows and Macintosh


Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability. 

Affected versions

Product Affected version Platform
11.4.1 and earlier versions Windows and Macintosh
InDesign Server 11.0.0 and earlier versions Windows and Macintosh


Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
InDesign 12.0.0 Windows and Macintosh 3 Release Notes
InDesign Server 12.0.0 Windows and Macintosh  3 Release Notes

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

Vulnerability Details

This update resolves a critical memory corruption vulnerability (CVE-2016-7886).


Adobe would like to thank Fortinet's FortiGuard Labs for reporting this issue (CVE-2016-7886) and for working with Adobe to help protect our customers.