security updates for Adobe Flash Player

Number: AV16-059
Date: 8 April 2016

Purpose

The purpose of this advisory is to bring attention to the recently released security updates for Adobe Flash Player.

Assessment

Adobe has released Security Bulletin APSB16-10 to address critical vulnerabilities that could allow an attacker to take control of the affected system.

Affected Versions:

  • Adobe Flash Player Desktop Runtime 21.0.0.197 and earlier for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 18.0.0.333 and earlier for Windows and Macintosh
  • Adobe Flash Player for Google Chrome 21.0.0.197 and earlier for Windows, Macintosh, Linux, and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.197  and earlier for Windows 10
  • Adobe Flash Player for Internet Explorer 11 21.0.0.197 and earlier for Windows 8.1
  • Adobe Flash Player for Linux 11.2.202.577 and earlier for Linux

CVE References: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019*, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033

*Adobe is aware that CVE-2016-1019 is being actively exploited in the wild on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to CCIRC Alert AL16-006 for details.

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Date modified: