Number: AV16-079
Date: 13 May 2016
Purpose
The purpose of this advisory is to bring attention to the recently released security updates for Adobe Flash Player.
Assessment
Adobe has released Security Bulletin APSB16-15 to address critical vulnerabilities that could allow an attacker to take control of vulnerable systems. All OS platforms are reported as being impacted.
Affected software versions:
- Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier versions
- Adobe Flash Player Extended Support Release 18.0.0.343 and earlier versions
- Adobe Flash Player for Google Chrome 21.0.0.216 and earlier versions
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.213 and earlier versions
- Adobe Flash Player for Internet Explorer 11 21.0.0.213 and earlier versions
- Adobe Flash Player for Linux 11.2.202.616 and earlier versions
- AIR Desktop Runtime 21.0.0.198 and earlier versions
- AIR SDK 21.0.0.198 and earlier versions
- AIR SDK & Compiler 21.0.0.198 and earlier versions
CVE References: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117.
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
Adobe Security Bulletin: https://helpx.adobe.com/security/products/flash-player/apsb16-15.html