Adobe Flash Player 22.0.0.209 is now available for download

Adobe has released Flash Player 22.0.0.209 for Windows, Macintosh and Chrome OS, and Flash Player 11.2.202.632 for Linux. These updates also address multiple critical-risk vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations to the latest versions:
  • Users of Adobe Flash Player 22.0.0.192 and earlier versions for IE should update to Adobe Flash Player 22.0.0.209.
  • Users of Adobe Flash Player 22.0.0.192 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 22.0.0.209
  • Users of Adobe Flash Player 22.0.0.192 and earlier versions for Macintosh should update to Adobe Flash Player 22.0.0.209
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the current version.
  • Adobe Flash Player installed for Internet Explorer on Windows 8.1 will be automatically updated to the current version.
  • Adobe Flash Player installed for Microsoft Edge and Internet Explorer 11 on Windows 10 will be automatically updated to the current version.
  • Users of Adobe Flash Player 11.2.202.626 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.632

Overview
Adobe Flash Player 22 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 22 runtime for Windows desktop, Mac OS, iOS and Android environments.

What's new in Flash Player 22
Adobe Flash Player 22 includes the following:
  • Video Pipeline Changes for Android AIR
  • Prevent Flash Player Cross-Channel Installation on OS X
  • EnableLocalAppData
  • HiDPI support for AIR Windows
  • stage.contentsScaleFactor
  • Anti-Aliasing (Render to texture) for AIR Mobile
  • Echo Cancellation on AIR iOS
  • Multitasking Enhancements Support in AIR iOS - Beta
  • Support for Android N Beta
  • System level Flash Player support for AIR desktop applications
  • Override Flash Player's default language via mms.cfg

For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here.

Download Flash Player 22.0.0.209
The following downloads provide the Adobe Flash Player 22.0.0.209 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:


Security fixes:
This release contains the following security fixes:
  • Fixed a race condition vulnerability that could lead to information disclosure (CVE-2016-4247).
  • Fixed type confusion vulnerabilities that could lead to code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225).
  • Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).
  • Fixed a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4249).
  • Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246).
  • Fixed a memory leak vulnerability (CVE-2016-4232).
  • Fixed stack corruption vulnerabilities that could lead to code execution (CVE-2016-4176, CVE-2016-4177).
  • Fixed a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178)

Sources:
Adobe Flash Player 22 Release Notes
Adobe Security Bulletins and Advisories
APSB16-25 Security updates available for Adobe Flash Player

No comments: