Adobe Flash Player version 21.0.0.182 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.
Fixed Issues
- Browser freezes on playing a gaming SWF [4109643]
-
Flash content freezes in a game developed in ActionScript2 [4109228
-
OOM observed in an educational program [4111701]
-
gotoAndStop works incorrectly [4109904]
-
Windows 10 Firefox: Mic access not working [4040485]
New Features
GPU Memory Information In Context3D
When a Context3D object is created, developers allocate memory for various Stage3D structures which includes index buffers, vertex buffers, textures, and programs. Prior to Flash and AIR 21, the only way to verify the memory allocated by the current Context3D is through values displayed by Scout. With the release of Flash Player and AIR 21, a new property of context3D class called “totalGPUMemory” has been introduced which provides the sum of gpu memory used by the index buffers, vertex buffers, textures, and programs created through Context3D.
The total value can be obtained by property “Context3D.totalGPUMemory;”.
The value of this property is in bytes and its default value is 0. The information is only provided in direct mode on mobile and in direct and gpu mode on desktop (On desktop computers, using <renderMode>gpu</renderMode> will fallback to<renderMode>direct</renderMode>). This property can be used when the SWF version is 32 or more.
Support for Browser Zoom Factor in Firefox
We’ve extended the support for Browser Zoom Feature that proposes scaling of Flash content in the web browser in response to web page zoom factor change. This feature is already available for the ActiveX and PPAPI plugin (link).
It will be available from Flash Player version 21 on wards and is currently available on Firefox Nightly 45.0a1, the official Firefox version supporting the feature has yet to be announced.
Simplified LSO UI
Flash player provides an per domain/swf option to store locally shared objects on user’s system. In the past, users could specify the size up to which a domain or SWF could save their LSOs on their machine. We have now simplified the LSO UI Options. This Simple LSO feature will change the permission scheme and related dialogs to only allow/deny and universally imposes a rational upper limit to the LSO size. End users will no longer be able to specify the size of LSOs (but will be able to approve if LSOs can be created or not).
For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here
Known Issues
- BitmapData.draw does not position Sprites with 3D transforms correctly when Sprites are clipped by a ScrollRect [4101814]
Security Updates
Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows update to 21.0.0.182 via the update mechanism within the product when prompted, or by visiting the Adobe Flash Player Download Center
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.182 for Windows.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
Vulnerability Details
- These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).
- These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2016-1001).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).
Adobe Flash Player is one of the applications that is managed and updated by ODS. If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days. ODS will deploy both the ActiveX version and the Plugin version. This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome. The update will install silently. No user interaction is required. There are no additional fees or charges for ODS to update your version of Adobe Flash Player.