The following Adobe products are affected by the vulnerablitites:
|Adobe Flash Player Desktop Runtime||22.214.171.1246 and earlier
||Windows and Macintosh
|Adobe Flash Player Extended Support Release||126.96.36.1999 and earlier||Windows and Macintosh
|Adobe Flash Player for Google Chrome||188.8.131.526 and earlier||Windows, Macintosh, Linux and ChromeOS
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||184.108.40.2066 and earlier||Windows 10|
|Adobe Flash Player for Internet Explorer 11||220.127.116.116 and earlier||Windows 8.1|
|Adobe Flash Player for Linux||18.104.22.1689 and earlier||Linux|
|AIR Desktop Runtime||22.214.171.1240 and earlier||Windows and Macintosh|
|AIR SDK||126.96.36.1990 and earlier||Windows, Macintosh, Android and iOS|
|AIR SDK & Compiler||188.8.131.520 and earlier||Windows, Macintosh, Android and iOS|
|AIR for Android||184.108.40.206 and earlier||Android|
The patch released today brings the latest version of Flash to 220.127.116.11 for Microsoft Windows and Mac OS X systems and 18.104.22.1687 for Linux systems.
Adobe credited Anton Ivanov of Kaspersky Lab, a Russian software security company that provides antivirus software, for uncovering the CVE 2016-1010 vulnerability, which is the designation for an integer overflow vulnerability that allows attackers to remotely execute malicious code on vulnerable computers. According to a Kaspersky Lab representative, "Kaspersky Lab researchers have observed the usage of this vulnerability in a very limited number of targeted attacks."
You can check which version of Flash is currently supported in your browser by visiting Adobe's www.adobe.com/software/flash/about/ page. You will see something like "You have version 21,0,0,182 installed" provided you have Flash installed and your browser isn't already blocking an outdated version. E.g. rather than seeing a version displayed by that webpage, if you have an outdated version in use when you visit the page with the Google Chrome browser, the browser itself will display "Adobe Flash Player was blocked because it is out of date."
Alternatively, you can check the version of Flash using the BrowserSPY.dk Adobe Flash Information page.
If the browser is blocking the Adobe Flash Player because it is out-of-date,
so that you can't view the version by visiting a web page that detects and
displays the version of Flash present for the browser, on an Apple OS X system
you can find the version by examining the contents of
/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist
$ cat "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleShortVersionString</key> <string>22.214.171.1246</string> <key>CFBundleVersion</key> <string>126.96.36.1996</string> <key>ProjectName</key> <string>FlashPlayer</string> </dict> </plist>
Or, you can use the grep command to display just the version number from that file.
$ grep -A 1 CFBundleVersion "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" | grep string | grep -o '[0-9,\.]\+' 188.8.131.526