Adobe Security Bulletin

Release date: December 13, 2016

Vulnerability identifier: APSB16-45

Priority: 3

CVE numbers: CVE-2016-7888, CVE-2016-7889

Platform: Windows, Macintosh and Android

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure.

Product	Affected version	Platform
Adobe Digital Editions	4.5.2 and earlier versions	Windows, Macintosh and Android

Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
		Windows	3	Download Page
Adobe Digital Editions	4.5.3	Macintosh	3	Download Page
		Android	3	Playstore

Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

For more information, please reference the release notes.

This update resolves a vulnerability that could lead to a memory address leak (CVE-2016-7888).
This update resolves an issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2016-7889).

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2016-7888)
Craig Arendt (CVE-2016-7889)

Adobe Security Bulletin

Security update available for Adobe Digital Editions

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Ask the Community

Contact Us