Number: AV16-023
Date: 9 February 2016
Purpose
The purpose of this advisory is to bring attention to recently released security update for Adobe Flash Player.
Assessment
Adobe has released Security Bulletin APSB16-04 to address critical vulnerabilities that could allow an attacker to take control of the affected system.
Affected software versions:
- Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release 18.0.0.326 and earlier for Windows and Macintosh
- Adobe Flash Player for Google Chrome 20.0.0.286 and earlier versions for Windows, Macintosh, Linux and ChromeOS
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier versions for Windows 10
- Adobe Flash Player for Internet Explorer 11 and 20.0.0.272 and earlier versions for Windows 8.1
- Adobe Flash Player for Linux 11.2.202.559 and earlier versions for Linux
- AIR Desktop Runtime 20.0.0.233 and earlier versions for Windows and Macintosh
- AIR SDK 20.0.0.233 and earlier versions for Windows, Macintosh, Android and iOS
- AIR SDK & Compiler 20.0.0.233 and earlier versions for Windows, Macintosh, Android and iOS
CVE References: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html