Product
Security update available for Adobe Connect
Release date: February 9, 2016
Vulnerability identifier: APSB16-07
Priority: 3
CVE number: CVE-2016-0948, CVE-2016-0949, CVE-2016-0950
Platform: Windows
Summary
Adobe has released a security update for Adobe Connect. This release resolves important input validation and content spoofing issues, and includes a feature to protect users from Cross-Site Request Forgery.
Affected Versions
|
Affected Versions |
Platform |
Adobe Connect |
9.4.2 and earlier versions |
Windows |
Solution
Adobe recommends on-premise customers update their installation to the newest version by following the instructions below:
Updated Version |
Availability |
||
Adobe Connect |
9.5.2 |
3 |
Note: The Adobe Connect 9.5.2 installer for customer on-premise deployments (all supported locales) will be available starting on Feb 11th, 2016. For more details on new features in Connect 9.5.2, please refer to the release notes.
Vulnerability Details
- This update includes a Cross-Site Request Forgery protection feature (CVE-2016-0948).
- This update resolves insufficient input validation in a URL parameter (CVE-2016-0949).
- This update resolves a vulnerability that could be used to misrepresent information presented in the user interface (content spoofing) (CVE-2016-0950).
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Eugene Dokukin and Francisco Correa (panchocosil) (CVE-2016-0948)
- Francisco Correa (panchocosil) (CVE-2016-0949)
- Lawrence Amer (CVE-2016-0950)