Adobe Flash vulnerability security updates released on March 10, 2016

Adobe has released an emergency update for its Flash media player which contains fixes for about two dozen critical vulnerabilities. Adobe defines a critical vulnerability as "A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware. Adobe Security Bulletin ASP16-08 lists the following Common Vulnerabilities and Exposures (CVEs) addressed in the new release:


The following Adobe products are affected by the vulnerablitites:

Product Affected Versions Platform
Adobe Flash Player Desktop Runtime and earlier
Windows and Macintosh
Adobe Flash Player Extended Support Release and earlier Windows and Macintosh
Adobe Flash Player for Google Chrome and earlier Windows, Macintosh, Linux and ChromeOS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 and earlier Windows 10
Adobe Flash Player for Internet Explorer 11 and earlier Windows 8.1
Adobe Flash Player for Linux and earlier Linux
AIR Desktop Runtime and earlier Windows and Macintosh
AIR SDK and earlier Windows, Macintosh, Android and iOS
AIR SDK & Compiler and earlier Windows, Macintosh, Android and iOS
AIR for Android and earlier Android

The patch released today brings the latest version of Flash to for Microsoft Windows and Mac OS X systems and for Linux systems.

Adobe credited Anton Ivanov of Kaspersky Lab, a Russian software security company that provides antivirus software, for uncovering the CVE 2016-1010 vulnerability, which is the designation for an integer overflow vulnerability that allows attackers to remotely execute malicious code on vulnerable computers. According to a Kaspersky Lab representative, "Kaspersky Lab researchers have observed the usage of this vulnerability in a very limited number of targeted attacks."

You can check which version of Flash is currently supported in your browser by visiting Adobe's page. You will see something like "You have version 21,0,0,182 installed" provided you have Flash installed and your browser isn't already blocking an outdated version. E.g. rather than seeing a version displayed by that webpage, if you have an outdated version in use when you visit the page with the Google Chrome browser, the browser itself will display "Adobe Flash Player was blocked because it is out of date."

Alternatively, you can check the version of Flash using the Adobe Flash Information page.

If the browser is blocking the Adobe Flash Player because it is out-of-date, so that you can't view the version by visiting a web page that detects and displays the version of Flash present for the browser, on an Apple OS X system you can find the version by examining the contents of /Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist . E.g.:

$ cat "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

Or, you can use the grep command to display just the version number from that file.

$ grep -A 1 CFBundleVersion "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" | grep string | grep -o '[0-9,\.]\+'


  1. Adobe Security Bulletin
    Release Date: March 10, 2016
    Vulnerability identifier: APSB16-08
    Adobe Support
  2. Adobe issues emergency patch for actively exploited code-execution bug
    Critical bug was used to take control of vulnerable computers
    By: Dan Goodin
    Date: March 10, 2016
    Ars Technica


TechRabbit ad 300x250

Justdeals Daily Electronics Deals1x1 px