Adobe Flash Player 19.0.0.185 is now available for download

Adobe has released Flash Player 19.0.0.185 for Windows and Macintosh, and Flash Player 11.2.202.521 for Linux. Flash Player 19 includes new features as well as enhancements and bug fixes related to stability, performance, and device compatibility. These updates also address multiple critical-risk vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations to the latest versions:
  • Users of Adobe Flash Player 18.0.0.232 and earlier versions for IE should update to Adobe Flash Player 19.0.0.185.
  • Users of Adobe Flash Player 18.0.0.232 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 19.0.0.185.
  • Users of Adobe Flash Player 18.0.0.232 and earlier versions for Macintosh should update to Adobe Flash Player 19.0.0.185.
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the current version.
  • Adobe Flash Player installed for Internet Explorer on Windows 8.0/8.1 will be automatically updated to the current version.
  • Adobe Flash Player installed for Microsoft Edge and Internet Explorer 11 on Windows 10 will be automatically updated to the current version.
  • Users of Adobe Flash Player 11.2.202.508 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.521.

Download Flash Player 19.0.0.185
The following downloads provide the Adobe Flash Player 19.0.0.185 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:

Overview
Adobe Flash Player 19.0 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 19.0 runtime for Windows desktop, Mac OS, iOS and Android environments.

What's new in Flash Player 19.0
Adobe Flash Player 19.0 includes the following:

iOS Concurrency
Worker object represents a worker, which is a virtual instance of the Flash runtime. Each Worker instance controls and provides access to the lifecycle and shared data of a single worker.

Improved Stage3D Error Messages
This feature is enabled in swf-version 30 for both Flash Player and AIR. Swf compiled with version less than 30 will throw old error code message.

Swf compiled with version 30 and above will throw new error code message.

New insertAt() and removeAt() Vector and Array APIs
Flash Player and AIR 19 comes with two new APIs for element insertion or removal in Vector and Arrays. They are implemented to perform better than existing splice methods when used for single element.

Added ability to disable browser zoom factor scaling via HTML
Improved Resolution of Stage3D content on Browser Zoom implemented in Flash Player version 15, and extended in Flash Player version 18. Browser Zoom Factor (BZF) for PPAPI Plugin and non-Win 8.x Active-x allows automatic scaling of Flash content in response to web page zoom for StageScaleMode.NoScale mode. In Flash Player 19, BZF can now be enabled or disabled optionally by the developer.

BZF is turned on by default but can now be turn on/off by setting a new attribute browserzoom to two possible values scale/noscale in HTML EMBEDSWF and OBJECT tag.

For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here.

Security fixes:
This release contains the following security fixes:
  • Fixed a type confusion vulnerability that could lead to code execution (CVE-2015-5573).
  • Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682).
  • Fixed buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6676, CVE-2015-6678).
  • Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677).
  • These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs  (CVE-2015-5571).
  • Fixed a memory leak vulnerability (CVE-2015-5576).
  • These updates include further hardening to a mitigation to defend against vector length corruptions  (CVE-2015-5568).
  • Fixed stack corruption vulnerabilities that could lead to code execution (CVE-2015-5567, CVE-2015-5579).
  • Fixed a stack overflow vulnerability that could lead to code execution (CVE-2015-5587).
  • Fixed a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572).
  • Fixed a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679).

Sources:
Adobe Flash Player 19 Release Notes
Adobe Security Bulletins and Advisories
APSB15-23 Security updates available for Adobe Flash Player

No comments: