Number: AV16-183
Date: 8 November 2016
Purpose
The purpose of this advisory is to bring attention to the recently released security update for Adobe Flash Player.
Assessment
Adobe has released Security Bulletin APSB16-37 to address critical vulnerabilities that could allow an attacker to take control of the affected system.
Affected software versions:
- Adobe Flash Desktop Runtime 23.0.0.205 and earlier versions for Windows and Macintosh.
- Adobe Flash Player for Google Chrome 23.0.0.205 and earlier versions of Windows, Macintosh, Linux and Chrome.
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.205 and earlier for Windows 10 and 8.1.
- Adobe Flash Player for Linux versions 11.2.202.643 and earlier.
CVE References: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html