Adobe Security Bulletin

Security update available for Adobe Digital Editions

Release date: September 13, 2016

Last Updated: September 26, 2016

Vulnerability identifier: APSB16-28

Priority: 3

CVE numbers: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263, CVE-2016-6980

Platform: Windows, Macintosh, iOS and Android

Summary

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution.

Affected versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe Digital Editions | 4.5.1 and earlier versions | Windows, Macintosh, iOS and Android |

Solution

Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:

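| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.2 | Windows | 3 | |
| Adobe Digital Editions | 4.5.2 | Macintosh | 3 | |
| Adobe Digital Editions | 4.5.2 | iOS | 3 | |
| Adobe Digital Editions | 4.5.2 | Android | 3 | |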

Customers using Adobe Digital Editions 4.5.1 on Windows can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted. Customers using Digital Editions for iOS and Android can download the update from the respective app store.

For more information, please reference the release notes.

Vulnerability Details

  • This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262). 
  • This update resolves a use-after-free vulnerability that could lead to code execution (CVE-2016-4263, CVE-2016-6980).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Ke Liu of Tencent's Xuanwu LAB (CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262). 
  • Mario Gomes (@NetFuzzer) working with Trend Micro's Zero Day Initiative (CVE-2016-4263).
  • Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2016-6980).

Revisions

September 26, 2016: added reference to CVE-2016-6980, which was inadvertently omitted from the bulletin.
