Adobe Security Bulletin

Security update available for Adobe Brackets

Release date: June 14, 2016

Vulnerability identifier: APSB16-20

Priority: 3

CVE number: CVE-2016-4164, CVE-2016-4165

Platform: Windows, Macintosh and Linux


Adobe has released a security update for Adobe Brackets for Windows, Macintosh and Linux. This update resolves a JavaScript injection vulnerability (CVE-2016-4164) and a vulnerability in the extension manager (CVE-2016-4165). Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.

Affected software versions

Product Affected Version Platform
Adobe Brackets 1.6 and earlier versions Windows, Macintosh and Linux


Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:

Product Updated version Platform Priority rating Availability
Adobe Brackets 1.7 Windows, Macintosh and Linux 3 Download

Vulnerability Details

  • This update resolves a JavaScript injection vulnerability, which could be abused in a cross-site scripting attack (CVE-2016-4164). 
  • This update resolves an input validation vulnerability in the extension manager (CVE-2016-4165).


Adobe would like to thank Kacper Rybczyński for reporting these issues (CVE-2016-4164 and CVE-2016-4165) and for working with Adobe to help protect our customers.