Published on: 09 November 2016
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion and use-after-free errors. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
Adobe Flash Player Desktop Runtime for Windows and Macintosh 23.0.0.205 and earlier
Adobe Flash Player for Google Chrome 23.0.0.205 and earlier
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.205 and earlier
Adobe Flash Player for Linux 11.2.202.643 and earlier
Successful exploitation could lead to arbitrary code execution or potentially allow an attacker to take control of an affected system.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser. The Flash Player version can be checked at http://www.adobe.com/software/flash/about/
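For checking many machines at once, the sketch below compares an inventory of installed Flash Player versions against the "and earlier" bounds listed in this alert. It is an added example, not part of the original alert or any Adobe tooling; the product keys, host names and inventory rows are constructed for illustration.

```python
# Highest affected version per product line, copied from the alert text.
# The dictionary keys are labels invented for this example.
AFFECTED_MAX = {
    "desktop": "23.0.0.205",    # Desktop Runtime for Windows and Macintosh
    "chrome": "23.0.0.205",     # Flash Player for Google Chrome
    "edge_ie11": "23.0.0.205",  # Microsoft Edge and Internet Explorer 11
    "linux": "11.2.202.643",    # Flash Player for Linux
}

def parse_version(text):
    """Turn '23.0.0.205' (or comma-separated '23,0,0,205') into 4 ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when version is at or below the alert's bound for product."""
    if product not in AFFECTED_MAX:
        raise KeyError(f"unknown product line: {product!r}")
    # Compare as integer tuples: as strings, '9.0.0.0' sorts after '23.0.0.205'.
    return parse_version(version) <= parse_version(AFFECTED_MAX[product])

def audit(rows):
    """Sort (host, product, version) rows into affected / ok / unknown."""
    report = {"affected": [], "ok": [], "unknown": []}
    for host, product, version in rows:
        try:
            bucket = "affected" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            bucket = "unknown"  # surface bad data rather than assume it is safe
        report[bucket].append((host, product, version))
    return report

# Constructed inventory; hosts and the non-affected versions are made up.
SAMPLE = [
    ("ws-01", "desktop", "23.0.0.205"),
    ("ws-02", "chrome", "24.0.0.1"),
    ("ws-03", "linux", "11.2.202.643"),
    ("ws-04", "linux", "11.2.202.700"),
    ("ws-05", "edge_ie11", "9.0.0.0"),
    ("ws-06", "desktop", "not installed"),
]

if __name__ == "__main__":
    for bucket, rows in audit(SAMPLE).items():
        for row in rows:
            print(bucket, *row)
```

Rows that land in "unknown" need a manual look, since each browser on a machine carries its own copy of the plugin.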
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
https://www.hkcert.org/my_url/en/alert/16110902
https://www.us-cert.gov/ncas/current-activity/2016/11/08/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7857 (to CVE-2016-7865)