Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)

Critical Nessus Plugin ID 89870

Synopsis

The remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities.

Description

The version of Adobe Flash Player installed on the remote Mac OS X host is prior or equal to version 20.0.0.306. It is, therefore, affected by multiple vulnerabilities :

- Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010)

- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000)

- A heap overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1001)

- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005)

Solution

Upgrade to Adobe Flash Player version 21.0.0.182 or later.

Alternatively, Adobe has made version 18.0.0.333 available for those installations that cannot be upgraded to the latest version.

CVE: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010

BID: 84308, 84310, 84311, 84312

Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information