Adobe Flash Player version 22.0.0.192 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.
Fixed Issues
- SecurityError.prototype in Dictionary throws an exception [4100136]
- Printing via FlexPrintJob, border of the “Print” button is missing [4136816]
- Player crashes if “totalFrames” property of a loaded volatile MovieClip is accessed [4127339]
- XML attributes randomly receiving null characters [4100928]
- PPAPI Printed rectangle gets shifted in position [4119300]
- [Chrome Only] Portrait mode prints objects smaller as compared to landscape mode [4122310]
- DisplayObject.setScrollRect is throwing error 1508 [4150980]
- Space metacharacter [s] doesn’t include non-breaking spaces [xA0] [4138365]
- Error#1508 thrown on some sites with a blank screen appearing afterwards [4136470]
New Features
EnableLocalAppData
Flash applications use Appdata/Roaming directory (C:UsersusernameAppDataRoamingMacromediaFlash Player) to store information like LSOs (Local Shared Objects) or logs etc. If this folder has been redirected to a network drive, which can occur at times in enterprise environments, performance and security issues may arise. With this feature, we are providing a new property for the mms.cfg, “EnableLocalAppData” which if set, will place the Macromedia Folder (where flash app data is stored) in AppData/Local directory (C:UsersusernameAppDataLocalMacromediaFlash Player). With EnableLocalAppData, the user will be able to place their system’s AppData folder on a network location without worrying about impacting flash applications’ data or log performance. Users can set EnableLocalAppData by adding EnableLocalAppData=1, EnableLocalAppData=yes, or EnableLocalAppData=true value in mms.cfg.
-
-
Override Flash Player’s default language via mms.cfg
This feature allows users to change flash player’s default language by setting a property, named DefaultLanguage in mms.cfg. Flash player’s default language will be set to the language given in DefaultLanguage key in the mms.cfg regardless of the system’s language.
Note: “Y” indicates flash player’s language will be overridden with language given in DefaultLanguage property while for “N”, “en” will be assigned for the configured language.
This feature is applicable to both Flash Player (all plugin-types) and AIR.
DefaultLanguage can have any value from table below:
| Language | Value | Support | ||||
| Win | Mac | PPAPI | ||||
| FP | AIR | FP | AIR | FP | ||
| Arabic | ar | Y | Y | Y | N | N |
| Bulgarian | bg | Y | Y | Y | N | N |
| Czech | cs | Y | Y | Y | Y | Y |
| Danish | da | Y | Y | Y | N | N |
| German | de | Y | Y | Y | Y | Y |
| Greek | el | Y | Y | Y | N | N |
| English | en | Y | Y | Y | Y | Y |
| English – United Kingdom | en_gb | Y | Y | Y | Y | N |
| Spanish | es | Y | Y | Y | Y | Y |
| Estonian | et | Y | Y | Y | N | N |
| Finnish | fi | Y | Y | Y | N | N |
| French | fr | Y | Y | Y | Y | Y |
| Hebrew | he | Y | Y | Y | N | N |
| Croatian | hr | Y | Y | Y | N | N |
| Hungarian | hu | Y | Y | Y | N | N |
| Italian | it | Y | Y | Y | Y | Y |
| Japanese | ja | Y | Y | Y | Y | Y |
| Korean | ko | Y | Y | Y | Y | Y |
| Azeri | lt | Y | Y | Y | N | N |
| Latvian | lv | Y | Y | Y | N | N |
| Norwegian | nb | Y | Y | Y | N | N |
| Dutch | nl | Y | Y | Y | Y | Y |
| Polish | pl | Y | Y | Y | Y | Y |
| Portuguese | pt | Y | Y | Y | Y | Y |
| Portuguese – Portugal | pt_pt | Y | Y | Y | Y | N |
| Romanian | ro | Y | Y | Y | N | N |
| Russian | ru | Y | Y | Y | Y | Y |
| Slovak | sk | Y | Y | Y | N | N |
| Slovenian | sl | Y | Y | Y | N | N |
| Serbian | sr | Y | Y | Y | N | N |
| Swedish | sv | Y | Y | Y | Y | Y |
| Thai | th | Y | Y | Y | N | N |
| Turkish | tr | Y | Y | Y | Y | Y |
| Ukrainian | uk | Y | Y | Y | N | N |
| Chinese – China | zh-CN | Y | Y | Y | Y | Y |
| Chinese – Taiwan | zh-TW | Y | Y | Y | Y | Y
|
Known Issues
- [Win] PPAPI multiple entries are getting created in Add Remove Programs during
msi upgrade [4159503]
- Button states are handled inconsistently across Flash Player and SAP [4110334]
Security Updates
Adobe has released security updates for Adobe Flash Player for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Please refer to APSA16-03 for additional details.
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows update to 22.0.0.192
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.192 for Windows.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.192.
Vulnerability Details
- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).
- These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).
- These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140).
- These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2016-4139).
Adobe Flash Player is one of the applications that is managed and updated by ODS. If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days. ODS will deploy both the ActiveX version and the Plugin version. This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome. The update will install silently. No user interaction is required. There are no additional fees or charges for ODS to update your version of Adobe Flash Player.
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at https://htechsolutions.biz/contact-us