Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)
Critical Nessus Plugin ID 89870
Synopsis
The remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The version of Adobe Flash Player installed on the remote Mac OS X host is prior or equal to version 20.0.0.306. It is, therefore, affected by multiple vulnerabilities :
- Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010)
- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000)
- A heap overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1001)
- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005)
Solution
Upgrade to Adobe Flash Player version 21.0.0.182 or later.
Alternatively, Adobe has made version 18.0.0.333 available for those installations that cannot be upgraded to the latest version.