Despite being disabled by default on the latest version (version 56) of the extremely popular web browser Google Chrome, Adobe Flash Player still manages to survive. As the saying goes, it’s 2017 and Flash Player is still here. So what has Adobe been doing with Flash Player so far?
Flash Player 24
Adobe released a beta version of Flash Player 24 last year through Adobe Labs. This version is aimed at creating digital experiences that are not only rich but engaging. It contains features that allow cross-platform browser-based viewing of content, videos and rich internet applications across devices. Adobe also announced that they would be asking beta customers to provide input to help improve the quality of Flash Runtime.
We’re now into the second month of a new year and the current stable version for Windows, macOS, Linux and ChromeOS is version 24.0.0.194, which was released on January 10. Here is the platform and browser compatibility for Flash 24:
- Windows – Internet Explorer, Edge, Firefox, Chrome, Opera
- macOS – Firefox, Safari, Chrome, Opera
- Linux – Firefox, Chrome, Opera
- ChromeOS
Another preview release for Flash 24 was released on January 25. This time it’s version 24.0.0.213. A number of changes were made to fix errors and provide enhancements, and these include:
- Appropriate scaling of Flash content on high resolution displays in Firefox version 51
- Separate permissions for camera and microphone depending on whether HTTP or HTTPS is used
- Support for spherical videos (these are videos that have specific metadata attached; the new version will retrieve that data) on desktop and Android devices
Security Updates
There has only been one security update for Flash Player 24 in 2017 as of this writing. However, there have been two updates for this particular version overall.
- APSB16-39
This was released on December 13, 2016 and updated the following day. The update affected Windows, Macintosh, Linux and Chrome OS systems and addressed critical vulnerabilities that could enable attackers to gain control of a system. An exploit for one bug in particular, CVE-2016-7892, has been used in limited, targeted attacks against users who still run Internet Explorer on Windows.
A total of 17 issues were resolved in this release, four of which resolved use-after-free vulnerabilities that could trigger code execution. Another four resolved buffer overflow vulnerabilities while five addressed memory corruption vulnerabilities that could result in code execution. A security bypass vulnerability was also resolved.
The updated version for affected systems was 24.0.0.186.
- APSB17-02
This was released on January 10 and resolved 13 issues. The issues addressed here were also critical in nature. And just like the previous release, this update was meant for Windows, Macintosh, Linux and Chrome OS users.
This patch featured fixes for a security bypass vulnerability that could result in information disclosure; use-after-free vulnerabilities that could trigger code execution; heap buffer overflow vulnerabilities that could result in code execution; and memory corruption vulnerabilities that could trigger code execution.
At the end of the update process, the installed version should be 24.0.0.194.
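To check machines against the two bulletins above, the sketch below (an added example, not Adobe's tooling) compares installed version strings with the fixed versions quoted in this article. The host names and inventory rows are constructed sample data, and treating any version numerically below a fixed version as missing that bulletin is an assumption of the example.

```python
# Added example: fixed versions are the ones quoted in the article;
# host names and inventory rows below are constructed sample data.
FIXED_IN = [
    ("APSB16-39", "24.0.0.186"),
    ("APSB17-02", "24.0.0.194"),
]

def parse_version(text):
    """Turn '24.0.0.186' into (24, 0, 0, 186); reject anything malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def missing_bulletins(installed):
    """Return bulletin IDs whose fixed version is newer than `installed`."""
    # Compare as integer tuples: as plain strings, "24.0.0.94" would sort
    # after "24.0.0.186" and an old build would look patched.
    have = parse_version(installed)
    return [bid for bid, fixed in FIXED_IN if have < parse_version(fixed)]

def audit(inventory_lines):
    """Map host -> list of missing bulletins, or ['UNPARSEABLE'] on bad input."""
    report = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            report[host.strip()] = missing_bulletins(version)
        except ValueError:
            # Surface bad rows instead of silently counting them as patched.
            report[host.strip()] = ["UNPARSEABLE"]
    return report

SAMPLE_INVENTORY = """\
# host,flash_version  (constructed)
ws-001,24.0.0.194
ws-002,24.0.0.186
ws-003,23.0.0.207
ws-004,24.0.0.94
ws-005,24.0.0
""".splitlines()

if __name__ == "__main__":
    for host, missing in audit(SAMPLE_INVENTORY).items():
        print(host, "up to date" if not missing else "missing: " + ", ".join(missing))
```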
Adobe Flash Player still exists in 2017 even when the most popular browser on earth has shifted to HTML5. Then again, a number of content creators still rely on the technology to deliver media content. Given the many security issues that Adobe has faced with regard to its Flash Player, you must be a responsible user by always making sure you have the latest version.