MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2016

MA-607.052016: MyCERT Advisory - Adobe Releases Security Updates for Flash Player

Date published: 13/05/2016

 

1.0 Introduction

Adobe has released security updates to address vulnerabilities in Flash Player. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-15 and apply the necessary updates.

 

2.0 Impact

These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

 

3.0 Affected Products

The affected Adobe products are listed below:

| Product | Affected Versions | Platform |
|---|---|---|
| Adobe Flash Player Desktop Runtime | 21.0.0.226 and earlier | Windows and Macintosh |
| Adobe Flash Player Extended Support Release | 18.0.0.343 and earlier | Windows and Macintosh |
| Adobe Flash Player for Google Chrome | 21.0.0.216 and earlier | Windows, Macintosh, Linux and ChromeOS |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 21.0.0.213 and earlier | Windows 10 |
| Adobe Flash Player for Internet Explorer 11 | 21.0.0.213 and earlier | Windows 8.1 |
| Adobe Flash Player for Linux | 11.2.202.616 and earlier | Linux |
| AIR Desktop Runtime | 21.0.0.198 and earlier | Windows and Macintosh |
| AIR SDK | 21.0.0.198 and earlier | Windows, Macintosh, Android and iOS |
| AIR SDK & Compiler | 21.0.0.198 and earlier | Windows, Macintosh, Android and iOS |

4.0 Recommendation

MyCERT strongly recommends that users or administrators of these applications upgrade to the latest version of the affected products:

4.1 Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to version 21.0.0.242, via:

4.2 Adobe Flash Player Extended Support Release should update to version 18.0.0.352, via:

4.3 Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.621, via:

4.4 Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.242, please refer:

4.5 Adobe Flash Player installed with Internet Explorer 11 for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.242, please refer:

4.6 Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.242. 

4.7 AIR Desktop Runtime, AIR SDK and AIR SDK & Compiler should update to version 21.0.0.215, via:
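
The version check implied by sections 3.0 and 4.0, as an added example that is not part of the MyCERT advisory: it classifies each inventory row against the affected and fixed versions listed above, comparing the four version fields numerically rather than as strings. The product keys, status labels and sample inventory are constructed for this example.

```python
from __future__ import annotations

# (last affected, fixed) per product, transcribed from sections 3.0 and 4.0 above.
# The short product keys are labels invented for this example.
RULES = {
    "flash-desktop":   ("21.0.0.226", "21.0.0.242"),
    "flash-esr":       ("18.0.0.343", "18.0.0.352"),
    "flash-chrome":    ("21.0.0.216", "21.0.0.242"),
    "flash-edge-ie11": ("21.0.0.213", "21.0.0.242"),
    "flash-linux":     ("11.2.202.616", "11.2.202.621"),
    "air":             ("21.0.0.198", "21.0.0.215"),
}

def parse_version(text: str) -> tuple[int, ...]:
    """'21.0.0.226' -> (21, 0, 0, 226); comma-separated input is accepted too."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product: str, installed: str) -> str:
    """Compare one installed version against the advisory's thresholds."""
    if product not in RULES:
        return "UNKNOWN_PRODUCT"
    try:
        have = parse_version(installed)
    except ValueError:
        return "UNPARSEABLE"
    last_affected, fixed = (parse_version(v) for v in RULES[product])
    if have <= last_affected:
        return "AFFECTED"
    # Builds between the two published numbers are not covered by the advisory;
    # report them separately so they still get updated to the fixed version.
    return "PATCHED" if have >= fixed else "BELOW_FIXED"

def hosts_to_update(inventory):
    """Return (host, product, version, status) for every row that is not PATCHED."""
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "PATCHED"]

# Constructed sample inventory (host, product key, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "flash-desktop", "21.0.0.98"),    # sorts after 21.0.0.226 as a string
    ("ws-02", "flash-desktop", "21.0.0.242"),
    ("ws-03", "flash-esr", "18.0.0.352"),       # ESR must be checked against its own row
    ("lx-01", "flash-linux", "11.2.202.616"),
    ("ws-04", "air", "21.0.0.200"),
    ("ws-05", "flash-edge-ie11", "21,0,0,213"),
]

if __name__ == "__main__":
    for row in hosts_to_update(SAMPLE_INVENTORY):
        print(*row)
```

Each installation has to be keyed to its own row of the table: an Extended Support Release build at 18.0.0.352 is patched, but the same number checked against the Desktop Runtime row would be reported as affected.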

 

5.0 Updates and vulnerability details:

These updates resolve:

  • type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117).
  • use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110).
  • a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101).
  • a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103).
  • memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115).
  • a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116).


Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : cyber999@cybersecurity.my or mycert@mycert.org.my 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : http://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

6.0  References