SUMMARY === Adobe has released security updates for Adobe Flash Player that addresses critical vulnerabilities. This patch update covers multiple Common Vulnerabilities and Exposures identifiers (CVE) as noted in Adobe Security Bulletin APSB16-08. [1]
In conjunction with these flaws, Microsoft has issued an out-of-band patch for Adobe Flash Player when on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. The Microsoft update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. [2] IMPACT === This set of updates covers vulnerabilities rated as critical by both Adobe and Microsoft. Attackers can remotely take control of affected systems if exploitation is successful. Adobe has noted that there are reports of CVE-2016-1010 already being exploited in targeted attacks. [1] VULNERABLE === * Adobe Flash Player Desktop Runtime, 20.0.0.306 and earlier (Windows and Macintosh) * Adobe Flash Player Extended Support Release, 18.0.0.329 and earlier (Windows and Macintosh) * Adobe Flash Player for Google Chrome, 20.0.0.306 and earlier (Windows, Macintosh, Linux and * ChromeOS) * Adobe Flash Player for Microsoft Edge and Internet Explorer 11, 20.0.0.306 and earlier (Windows 10) * Adobe Flash Player for Internet Explorer 11, 20.0.0.306 and earlier (Windows 8.1) * Adobe Flash Player for Linux, 11.2.202.569 and earlier (Linux) * AIR Desktop Runtime, 20.0.0.260 and earlier (Windows and Macintosh) * AIR SDK, 20.0.0.260 and earlier (Windows, Macintosh, Android and iOS) * AIR SDK & Compiler, 20.0.0.260 and earlier (Windows, Macintosh, Android and iOS) * AIR for Android, 20.0.0.233 and earlier (Android) RECOMMENDATIONS === * Users and service providers are advised to patch affected systems immediately. * For non-Microsoft platforms, please consult Adobe Security Bulletin APSB16-08 [1] * For Microsoft platforms, please consult Microsoft Security Bulletin MS16-036 [2] REFERENCES === [1] https://helpx.adobe.com/security/products/flash-player/apsb16-08.html [2] https://technet.microsoft.com/en-us/library/security/MS16-036 [3] https://security.berkeley.edu/news/adobe-flash-player-multiple-zero-day-vulnerabilities-cve-2016-1010
------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list.