A Month Without Adobe Flash Player Patches

Adobe rolled out patches for four vulnerabilities in Adobe Experience Manager, the first time since January its monthly patch release cycle has not included a Flash Player security update.

Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t.

For the first time since January, Adobe did not release a security update for Flash Player. Given Flash’s legacy of being a target-rich environment for cybercriminals and advanced attackers, a month without Flash patches is quite the respite.

Since February, there have been monthly Flash Player updates, including emergency patches for zero-day vulnerabilities being publicly exploited in each of April, May and June.

Last month, Adobe patched 52 vulnerabilities in Flash—most of the flaws allowed for remote code execution—one of the biggest security updates of the year from Adobe.

Today’s update provides hotfixes for four flaws in Adobe Experience Manager, the company’s enterprise web content management system. The software allows for content creation and publication, in addition to the ability to customize certain site and design components and administration capabilities.

Adobe said versions 6.2, 6.1, 6.0 and 5.6.1 are affected on Windows, Unix, Linux and Mac OS X machines.

All of the vulnerabilities are rated “important” in severity; two are input validation flaws that can be used in cross-site scripting attacks (CVE-2016-4168 and CVE-2016-4170), while another bug (CVE-2016-4253) was disclosed in the software’s backup functionality that could lead to information disclosure. The final vulnerability (CVE-2016-4169) allows unprivileged users access to audit logs.

Adobe said that it is not aware of any public attacks against these vulnerabilities.

Suggested articles

cisco critical patch

Cisco Patches High-Severity Flaws in IP Phones

The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

Discussion

  • NZ on

    HEY ADOBE! WHY YOU DO NOTHING?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.