Security Update for Adobe Digital Editions (APSB16-06)

ITS Advisory Number: 2016-041
Date(s) Issued: Tuesday, March 8, 2016
Subject: Security Update for Adobe Digital Editions (APSB16-06)
Overview: 

This security update resolves a critical memory corruption vulnerability in Adobe Digital Editions that could lead to code execution.

Systems Affected: 

Adobe Digital Editions versions prior to 4.5.0 on Windows, Macintosh, iOS and Android

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Adobe Digital Editions is prone to the following vulnerability:

  • Memory corruption vulnerability that could lead to code execution (CVE-2016-0954).

Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the user running the affected application. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • After appropriate testing, apply the applicable patch provided by Adobe to vulnerable systems.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.