Adobe Flash Player 20.0.0.267 Security Update (Out-of-band)

Adobe has released Flash Player 20.0.0.267 for Windows and Macintosh, and Flash Player 11.2.202.559 for Linux. These "out-of-band" security updates address multiple critical-risk vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations to the latest versions:
  • Users of Adobe Flash Player 20.0.0.228 and earlier versions for IE should update to Adobe Flash Player 20.0.0.267
  • Users of Adobe Flash Player 20.0.0.235 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 20.0.0.267.
  • Users of Adobe Flash Player 20.0.0.228 and earlier versions for Macintosh should update to Adobe Flash Player 20.0.0.267.
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the current version.
  • Adobe Flash Player installed for Internet Explorer on Windows 8.0/8.1 will be automatically updated to the current version.
  • Adobe Flash Player installed for Microsoft Edge and Internet Explorer 11 on Windows 10 will be automatically updated to the current version.
  • Users of Adobe Flash Player 11.2.202.554 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.559.

Download Flash Player 20.0.0.267
The following downloads provide the Adobe Flash Player 20.0.0.267 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:

Overview
Adobe Flash Player 20 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 20 runtime for Windows desktop, Mac OS, iOS and Android environments.

What's new in Flash Player 20
Adobe Flash Player 20 includes new features as well as enhancements and bug fixes related to stability, performance, and device compatibility, here are highlights of changes in version 20: 
  • Android SDK Upgrade
  • SecureSocket API Support for iOS
  • AIR 64 bit on Mac OS X
  • Provide Video Rotation Information to Action Script as Meta Data
  • PPAPI Vector Printing
  • Flash Player "Enable Hardware acceleration" setting for Edge and IE on Windows 8/10

More information about Flash Player 20 available here.

Security fixes:
This release contains the following security fixes:
  • Fixed a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
  • Fixed an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
  • Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
  • Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).

Sources:
Adobe Flash Player 20 Release Notes
Adobe Security Bulletins and Advisories
APSB16-01 Security updates available for Adobe Flash Player

No comments: