CVE-2016-0960
CVE-2016-0961
CVE-2016-0962
CVE-2016-0963
CVE-2016-0986
CVE-2016-0987
CVE-2016-0988
CVE-2016-0989
CVE-2016-0990
CVE-2016-0991
CVE-2016-0992
CVE-2016-0993
CVE-2016-0994
CVE-2016-0995
CVE-2016-0996
CVE-2016-0997
CVE-2016-0998
CVE-2016-0999
CVE-2016-1000
CVE-2016-1001
CVE-2016-1002
CVE-2016-1005
CVE-2016-1010
The following Adobe products are affected by the vulnerabilities:
Product | Affected Versions | Platform |
---|---|---|
Adobe Flash Player Desktop Runtime | 20.0.0.306 and earlier | Windows and Macintosh |
Adobe Flash Player Extended Support Release | 18.0.0.329 and earlier | Windows and Macintosh |
Adobe Flash Player for Google Chrome | 20.0.0.306 and earlier | Windows, Macintosh, Linux and ChromeOS |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 20.0.0.306 and earlier | Windows 10 |
Adobe Flash Player for Internet Explorer 11 | 20.0.0.306 and earlier | Windows 8.1 |
Adobe Flash Player for Linux | 11.2.202.569 and earlier | Linux |
AIR Desktop Runtime | 20.0.0.260 and earlier | Windows and Macintosh |
AIR SDK | 20.0.0.260 and earlier | Windows, Macintosh, Android and iOS |
AIR SDK & Compiler | 20.0.0.260 and earlier | Windows, Macintosh, Android and iOS |
AIR for Android | 20.0.0.233 and earlier | Android |
The patch released today brings the latest version of Flash to 21.0.0.182 for Microsoft Windows and Mac OS X systems and 11.2.202.577 for Linux systems.
Adobe credited Anton Ivanov of Kaspersky Lab, a Russian software security company that provides antivirus software, with uncovering CVE-2016-1010, an integer overflow vulnerability that allows attackers to remotely execute malicious code on vulnerable computers. According to a Kaspersky Lab representative, "Kaspersky Lab researchers have observed the usage of this vulnerability in a very limited number of targeted attacks."
You can check which version of Flash your browser is currently using by visiting Adobe's www.adobe.com/software/flash/about/ page. You will see something like "You have version 21,0,0,182 installed", provided you have Flash installed and your browser isn't already blocking an outdated version. For example, if an outdated version is in use when you visit the page with the Google Chrome browser, the page will not display a version; instead, the browser itself will display "Adobe Flash Player was blocked because it is out of date."
Alternatively, you can check the version of Flash using the BrowserSPY.dk Adobe Flash Information page.
If the browser is blocking the Adobe Flash Player because it is out-of-date,
so that you can't view the version by visiting a web page that detects and
displays the version of Flash present for the browser, on an Apple OS X system
you can find the version by examining the contents of
/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist. E.g.:

```
$ cat "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>CFBundleShortVersionString</key>
        <string>20.0.0.306</string>
        <key>CFBundleVersion</key>
        <string>20.0.0.306</string>
        <key>ProjectName</key>
        <string>FlashPlayer</string>
</dict>
</plist>
```
Or, you can use the grep command to display just the version number from that file.

```
$ grep -A 1 CFBundleVersion "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" | grep string | grep -o '[0-9,\.]\+'
20.0.0.306
```
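The manual check above can be extended into a comparison against the patched release. This is an added example, not code from the original page: the function names `plist_version`, `version_lt` and `check_plugin` are hypothetical, the embedded plist is a constructed sample, and only the OS X plugin file is covered (Linux has its own fixed version, 11.2.202.577).

```shell
# Patched Windows/Mac release named on this page.
FIXED_VERSION="21.0.0.182"

# Print the CFBundleVersion value from an XML version.plist.
plist_version() {
    grep -A 1 '<key>CFBundleVersion</key>' "$1" |
        grep -Eo '[0-9]+([.,][0-9]+)+' | head -n 1 | tr ',' '.'
}

# Return 0 if version $1 is older than $2. Fields are compared numerically,
# so 9.x sorts before 20.x; commas (Adobe's "21,0,0,182") count as dots.
version_lt() {
    a=$(echo "$1" | tr ',' '.'); b=$(echo "$2" | tr ',' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1   # versions are equal
}

# Print "outdated <v>", "current <v>", "unknown" or "not-installed".
check_plugin() {
    [ -r "$1" ] || { echo "not-installed"; return 0; }
    v=$(plist_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "outdated $v"
    else
        echo "current $v"
    fi
}

# Constructed sample mirroring the version.plist shown above. On a Mac, pass
# the real version.plist path as the first argument instead.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<dict>
    <key>CFBundleShortVersionString</key>
    <string>20.0.0.306</string>
    <key>CFBundleVersion</key>
    <string>20.0.0.306</string>
</dict>
EOF
check_plugin "${1:-$sample}"
```

Because the check reads the file on disk, it still works when the browser blocks the outdated plugin and the web-based version pages show nothing.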
References: