JPCERT-AT-2016-0008
                                                             JPCERT/CC
                                                            2016-02-10

                  <<< JPCERT/CC Alert 2016-02-10 >>>

       Vulnerabilities in Adobe Flash Player (APSB16-04)

        https://www.jpcert.or.jp/english/at/2016/at160008.html


I. Overview

  Adobe Flash Player contains multiple vulnerabilities. A remote
attacker may cause Adobe Flash Player to crash or execute arbitrary
code by convincing a user to open specially crafted contents
leveraging these vulnerabilities. For more information on the
vulnerabilities, please refer to the information provided by
Adobe Systems.

    Security Updates Available for Adobe Flash Player
    https://helpx.adobe.com/security/products/flash-player/apsb16-04.html


II. Affected Products

  The following versions are affected by these vulnerabilities:

  - Adobe Flash Player 20.0.0.286 and earlier
    (Internet Explorer, Google Chrome, Mozilla Firefox etc.)
  - Adobe Flash Player 20.0.0.272 and earlier
    (Internet Explorer 11 (Windows 8.1, Windows 10), Microsoft Edge)


III. Solution

  Please update Adobe Flash Player to the latest version listed below:

  - Adobe Flash Player 20.0.0.306
    (Internet Explorer, Microsoft Edge, Google Chrome, Mozilla Firefox etc.)

  Users can check the version of Adobe Flash Player that they are
using at the following link:

    Adobe Flash Player Download Center
    https://get.adobe.com/flashplayer/

  Note that the following browsers contain Adobe Flash Player by default.

  - Internet Explorer 11 (Windows 8.1 and Windows 10)
  - Microsoft Edge (Windows 10)
  - Google Chrome

  For Internet Explorer 11 and Microsoft Edge, the latest version of 
Adobe Flash Player will be applied through Windows Update etc.
Also, the latest version of Adobe Flash Player will be updated when
Google Chrome is updated. For more information, please refer to 
the following:

    Adobe Flash Player Download Center
    https://get.adobe.com/flashplayer/

    Microsoft Security Advisory
    Security Update for Adobe Flash Player (3135782)
    https://technet.microsoft.com/en-us/library/security/MS16-022

    Google Chrome Releases
    Stable Channel Update
    http://googlechromereleases.blogspot.jp/2016/02/stable-channel-update_9.html

  Users can check the version of Adobe Flash Player that they are
using at the following link:

    Adobe Flash Player: Version Information
    https://www.adobe.com/software/flash/about/

  * Even if you use a web browser other than Internet Explorer, there is
    software that uses Adobe Flash Player installed for Internet
    Explorer, such as Microsoft Office, so please update Adobe Flash
    Player for Internet Explorer.


IV. References

    Microsoft Security Advisory
    Security Update for Adobe Flash Player (3135782)
    https://technet.microsoft.com/en-us/library/security/MS16-022

    Google Chrome Releases
    Stable Channel Update
    http://googlechromereleases.blogspot.jp/2016/02/stable-channel-update_9.html


  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/