Number: AV16-059
Date: 8 April 2016
Purpose
The purpose of this advisory is to bring attention to the recently released security updates for Adobe Flash Player.
Assessment
Adobe has released Security Bulletin APSB16-10 to address critical vulnerabilities that could allow an attacker to take control of the affected system.
Affected Versions:
- Adobe Flash Player Desktop Runtime 21.0.0.197 and earlier for Windows and Macintosh
- Adobe Flash Player Extended Support Release 18.0.0.333 and earlier for Windows and Macintosh
- Adobe Flash Player for Google Chrome 21.0.0.197 and earlier for Windows, Macintosh, Linux, and ChromeOS
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.197 and earlier for Windows 10
- Adobe Flash Player for Internet Explorer 11 21.0.0.197 and earlier for Windows 8.1
- Adobe Flash Player for Linux 11.2.202.577 and earlier for Linux
CVE References: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019*, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
*Adobe is aware that CVE-2016-1019 is being actively exploited in the wild on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to CCIRC Alert AL16-006 for details.
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References: