Adobe is aware of a report that an exploit for CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 21.0.0.197 and earlier versions for IE should update to Adobe Flash Player 21.0.0.213.
- Users of Adobe Flash Player 21.0.0.197 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 21.0.0.213
- Users of Adobe Flash Player 21.0.0.197 and earlier versions for Macintosh should update to Adobe Flash Player 21.0.0.213
- Adobe Flash Player installed with Google Chrome will be automatically updated to the current version.
- Adobe Flash Player installed for Internet Explorer on Windows 8.1 will be automatically updated to the current version.
- Adobe Flash Player installed for Microsoft Edge and Internet Explorer 11 on Windows 10 will be automatically updated to the current version.
- Users of Adobe Flash Player 11.2.202.577 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.616
Overview
Adobe Flash Player 21 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 21 runtime for Windows desktop, Mac OS, iOS and Android environments.
What's new in Flash Player 21
Adobe Flash Player 21 includes the following:
- GPU Memory Information In Context3D
- Support for Browser Zoom Factor in Firefox
- PPAPI vector printing on MAC OSX
- Simplified LSO UI
- Media Auto Play for iOS & Android
- Android StageWebView debugging
For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here.
Download Flash Player 21.0.0.213
The following downloads provide the Adobe Flash Player 21.0.0.213 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:
Security fixes:
This release contains the following security fixes:
- Hardened a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006).
- Fixed type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019).
- Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031).
- Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).
- Fixed a stack overflow vulnerability that could lead to code execution (CVE-2016-1018).
- Fixed a security bypass vulnerability (CVE-2016-1030).
- Fixed a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014).
Sources:
Adobe Flash Player 21 Release Notes
Adobe Security Bulletins and Advisories
APSB16-10 Security updates available for Adobe Flash Player
No comments:
Post a Comment