Adobe Flash Player version 18.0.0.203 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.
Fixed Issues
- Hardware accelerated 3D content does not render in recent versions of Firefox on some Graphics cards [3937398]
- Profile baseline_constraint is not drawing directly into the backbuffer on IE [4010443]
- Increase the number of allowed StageVideo instances to 8. [4006329]
Known Issues
- [DRM] Protected video displays error code “3315” instead of “3305” on Windows 10 Active X(4012174)
- [DRM] Protected video DRM 3328 error code may display the incorrect sub-error-code, such as 1000058 instead of 404
- [DRM] Protected video can get into a state where all Output Protection errors return a 3338 instead of the proper output-protection error code.
Security Updates
Adobe has released security updates for Adobe Flash Player for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows update to Adobe Flash Player 18.0.0.203.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.203 on Windows.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.203
- These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097).
- These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431, CVE-2015-5124).
- These updates resolve null pointer dereference issues (CVE-2015-3126, CVE-2015-4429).
- These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3114).
- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).
- These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).
Adobe Flash Player is one of the applications that is managed and updated by ODS. If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days. ODS will deploy both the ActiveX version and the Plugin version. This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, Chrome, Safari, and Opera. The update will install silently. No user interaction is required. There are no additional fees or charges for ODS to update your version of Adobe Flash Player.
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at https://htechsolutions.biz/contact-us