Adobe Flash Player version 21.0.0.213 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.
Fixed Issues
- API changed with DisplayObject.scrollRect that broke backwards compatibility [4130875]
- Animal Jam mini/micro games quit unexpectedly after minimal playtime [4130309]
- Gapminder World gives OOM message [4127403]
- Error 1508, "The value specified for argument sourceRect is invalid", is thrown [4118087]
Known Issues
- BitmapData.draw does not position Sprites with 3D transforms correctly when Sprites are clipped by a ScrollRect [4101814]
Security Updates
Adobe has released security updates for Adobe Flash Player for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.
- Adobe recommends that users of the Adobe Flash Player Desktop Runtime for Windows update to 21.0.0.213.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.213 for Windows.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
- Adobe Flash Player installed with Internet Explorer for Windows 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
Vulnerability Details
- These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006).
- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).
- These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2016-1018).
- These updates resolve a security bypass vulnerability (CVE-2016-1030).
- These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014).
Adobe Flash Player is one of the applications that is managed and updated by ODS. If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days. ODS will deploy both the ActiveX version and the Plugin version. This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome. The update will install silently. No user interaction is required. There are no additional fees or charges for ODS to update your version of Adobe Flash Player.
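To confirm the update reached both the ActiveX and Plugin installs, the two version numbers given above can be applied to a Windows software inventory export. The sketch below is an added example, not Adobe or ODS tooling; the CSV layout, host names and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

FIXED = (21, 0, 0, 213)          # release this page recommends
EXPLOITED_MAX = (20, 0, 0, 306)  # CVE-2016-1019 reported exploited at or below this

# Constructed inventory: hypothetical hosts and column layout.
SAMPLE_INVENTORY = """host,install,version
ws-001,ActiveX,20.0.0.306
ws-001,Plugin,21.0.0.213
ws-002,Plugin,21.0.0.197
ws-003,ActiveX,9.0.124.0
ws-004,Plugin,21.0.0
ws-005,ActiveX,unknown
"""

def parse_version(text):
    """Return (a, b, c, d) as ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Compare numerically; as strings, "9.0.124.0" would sort above "21.0.0.213"."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"   # check the host by hand, do not assume patched
    if version <= EXPLOITED_MAX:
        return "urgent"        # in the range with reported active exploitation
    if version < FIXED:
        return "outdated"      # newer than that range, still below 21.0.0.213
    return "current"

def triage(inventory_csv):
    """Classify every install; a host can carry ActiveX and Plugin separately."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["install"], r["version"], classify(r["version"]))
            for r in rows]

if __name__ == "__main__":
    for host, install, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {install:8} {version:12} {status}")
```

A host counts as updated only when every install listed for it is `current`; in the sample, ws-001 still carries an `urgent` ActiveX install next to a current Plugin.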