Security Alert (A16-12-03): Multiple Vulnerabilities in Adobe Flash Player


 

Published on: 14 December 2016

  
  

 

Description:

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by buffer overflow, memory corruption, security restriction bypass and use-after-free errors. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.


Reports indicate that one of the vulnerabilities is being actively exploited in the wild.


Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows and Macintosh 23.0.0.207 and earlier
  • Adobe Flash Player for Google Chrome 23.0.0.207 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.207 and earlier
  • Adobe Flash Player for Linux 11.2.202.644 and earlier

 

Impact:

A successful exploitation could lead to arbitrary code execution or potentially take control of an affected system.


Recommendation:

Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 24.0.0.186 for Windows and Macintosh
    http://www.adobe.com/go/getflash
    http://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 24.0.0.186 for Google Chrome
    http://googlechromereleases.blogspot.com/

  • Adobe Flash Player 24.0.0.186 for Microsoft Edge and Internet Explorer 11
    https://technet.microsoft.com/en-us/library/security/ms16-154.aspx

  • Adobe Flash Player 24.0.0.186 for Linux
    http://www.adobe.com/go/getflash

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at

  • http://www.adobe.com/software/flash/about/

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
https://www.hkcert.org/my_url/en/alert/16121402
https://www.us-cert.gov/ncas/current-activity/2016/12/13/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7867 (to CVE-2016-7881)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7892



Tag: Adobe , Flash Player
Tags