[Micronet] [Announce] Adobe Flash Player Multiple Zero-Day Vulnerabilities (CVE-2016-1010)


Josh Kwan
SUMMARY
===
Adobe has released security updates for Adobe Flash Player that address critical vulnerabilities. This patch update covers multiple Common Vulnerabilities and Exposures identifiers (CVE) as noted in Adobe Security Bulletin APSB16-08. [1]

In conjunction with these flaws, Microsoft has issued an out-of-band patch for Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. The Microsoft update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. [2]


IMPACT
===
This set of updates covers vulnerabilities rated as critical by both Adobe and Microsoft. Attackers can remotely take control of affected systems if exploitation is successful. Adobe has noted that there are reports of CVE-2016-1010 already being exploited in targeted attacks. [1]


VULNERABLE
===
* Adobe Flash Player Desktop Runtime, 20.0.0.306 and earlier (Windows and Macintosh)
* Adobe Flash Player Extended Support Release, 18.0.0.329 and earlier (Windows and Macintosh)
* Adobe Flash Player for Google Chrome, 20.0.0.306 and earlier (Windows, Macintosh, Linux and ChromeOS)
* Adobe Flash Player for Microsoft Edge and Internet Explorer 11, 20.0.0.306 and earlier (Windows 10)
* Adobe Flash Player for Internet Explorer 11, 20.0.0.306 and earlier (Windows 8.1)
* Adobe Flash Player for Linux, 11.2.202.569 and earlier (Linux)
* AIR Desktop Runtime, 20.0.0.260 and earlier (Windows and Macintosh)
* AIR SDK, 20.0.0.260 and earlier (Windows, Macintosh, Android and iOS)
* AIR SDK & Compiler, 20.0.0.260 and earlier (Windows, Macintosh, Android and iOS)
* AIR for Android, 20.0.0.233 and earlier (Android)


RECOMMENDATIONS
===
* Users and service providers are advised to patch affected systems immediately. 
* For non-Microsoft platforms, please consult Adobe Security Bulletin APSB16-08 [1]
* For Microsoft platforms, please consult Microsoft Security Bulletin MS16-036 [2]


REFERENCES
===

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
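
The VULNERABLE list in the announcement above, turned into an inventory check. This is an added example, not part of the original message: the product keys, the CSV layout and the sample hosts are assumptions made here, and "above-affected-range" only means the version is higher than the last affected one listed, since the announcement does not give fixed version numbers.

```python
import csv
import io

# Highest affected versions from the VULNERABLE list; keys are invented here.
ADVISORY_MAX_AFFECTED = {
    "flash-desktop": "20.0.0.306",
    "flash-esr": "18.0.0.329",
    "flash-chrome": "20.0.0.306",
    "flash-edge-ie11": "20.0.0.306",
    "flash-linux": "11.2.202.569",
    "air-desktop": "20.0.0.260",
    "air-sdk": "20.0.0.260",
    "air-sdk-compiler": "20.0.0.260",
    "air-android": "20.0.0.233",
}

# Constructed inventory export: hosts and installed versions are invented.
SAMPLE_INVENTORY = """host,product,version
lab-01,flash-desktop,20.0.0.306
lab-02,flash-desktop,20.0.0.99
lab-03,flash-esr,18.0.0.330
lab-04,flash-linux,11.2.202.569
lab-05,flash-desktop,unknown
lab-06,other-plugin,1.2.3.4
"""

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints, or None if it is not four numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Compare one installed version with the advisory limit for its product."""
    limit = ADVISORY_MAX_AFFECTED.get(product)
    if limit is None:
        return "product-not-in-advisory"
    installed = parse_version(version)
    if installed is None:
        return "needs-manual-check"  # unreadable data is never treated as safe
    return "affected" if installed <= parse_version(limit) else "above-affected-range"

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["product"], r["version"])) for r in rows]

if __name__ == "__main__":
    print(*triage(SAMPLE_INVENTORY), sep="\n")
```

Host lab-02 is the case to watch: compared as strings, 20.0.0.99 sorts above 20.0.0.306 and would be missed, while the numeric comparison flags it.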
Re: [Micronet] [Announce] Adobe Flash Player Multiple Zero-Day Vulnerabilities (CVE-2016-1010)

Ian Crew
Hi all:

It may not be appropriate for everyone, but I removed flash (Windows, Mac OS) from my machine over a year ago, and I really don’t miss it. For those rare times I do need it, I just open the page in Chrome, which includes a built-in Flash interpreter (that seems to have fewer security issues than the Adobe plugins).

Something to consider as a response to the continuing litany of zero-day Flash exploits…

Cheers,

Ian

On Mar 11, 2016, at 11:53 AM, Josh Kwan <[hidden email]> wrote:


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


 
Re: [Micronet] [Announce] Adobe Flash Player Multiple Zero-Day Vulnerabilities (CVE-2016-1010)

Josh Kwan
Thanks Ian. I agree, just uninstall Flash Player if you do not use it. Or if you must use it, use Firefox or Chrome with Click-to-Play for plugin content enabled. See our FAQs on how to enable Click-to-Play here:


Many Microsoft Windows users will need to update regardless, as Adobe Flash Player libraries are included in the Internet Explorer 10, 11, and Microsoft Edge browsers.

Josh
==
Josh Kwan <[hidden email]>
Security Analyst
Information Security and Policy
University of California, Berkeley
https://security.berkeley.edu

On Fri, Mar 11, 2016 at 11:58 AM, Ian Crew <[hidden email]> wrote: