=====================================================================
                          CERT-Renater

              Information Note No. 2016/VULN320
_____________________________________________________________________

DATE                 : 14/09/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, Mac OS X, iOS, Android running Adobe
                     Digital Editions versions prior to 4.5.2.

=====================================================================
https://helpx.adobe.com/content/help/en/security/products/Digital-Editions/apsb16-28.html
_____________________________________________________________________

Security update available for Adobe Digital Editions

Release date: September 13, 2016

Vulnerability identifier: APSB16-28

Priority: 3

CVE numbers: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258,
CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262,
CVE-2016-4263

Platform: Windows, Macintosh, iOS and Android

Summary

Adobe has released a security update for Adobe Digital Editions for
Windows, Macintosh, iOS and Android. This update resolves critical
memory corruption vulnerabilities that could lead to code execution.

Affected versions

Product                  Affected version             Platform
Adobe Digital Editions   4.5.1 and earlier versions   Windows, Macintosh, iOS and Android

Solution

Adobe categorizes this update with the following priority ratings and
recommends users update their installation to the newest version:

Product                  Updated version   Platform    Priority rating   Availability
Adobe Digital Editions   4.5.2             Windows     3                 Download Page
                                           Macintosh   3                 Download Page
                                           iOS         3                 iTunes
                                           Android     3                 Playstore

Customers using Adobe Digital Editions 4.5.1 on Windows can download
the update from the Adobe Digital Editions download page, or utilize
the product's update mechanism when prompted.

Customers using Digital Editions for iOS and Android can download the
update from the respective app store.

For more information, please reference the release notes.

Vulnerability Details

- This update resolves multiple memory corruption vulnerabilities
  that could lead to code execution (CVE-2016-4256, CVE-2016-4257,
  CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261,
  CVE-2016-4262).
- This update resolves a use-after-free vulnerability that could lead
  to code execution (CVE-2016-4263).

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

- Ke Liu of Tencent's Xuanwu LAB (CVE-2016-4256, CVE-2016-4257,
  CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261,
  CVE-2016-4262).
- Mario Gomes (@NetFuzzer) working with Trend Micro's Zero Day
  Initiative (CVE-2016-4263).

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================