SANS ISC: Critical Flash Player Update APSB16-36 - SANS Internet Storm Center SANS ISC InfoSec Forums

Critical Flash Player Update APSB16-36

Adobe today released a critical update for Flash Player. The update was released outside of Adobe's regular patch cycle. [1]

The single vulnerability fixed by this update, CVE-2016-7855, has already been exploited in targeted attacks against Windows.

Windows, Linux and Mac versions are affected, including versions embedded in Chrome and Edge/Internet Explorer 11. 

Please expedite this update, and verify that Flash does not start automatically in your browser but runs only when the user enables it for a specific site. Consider removing Flash whenever possible.




Johannes B. Ullrich, Ph.D.

Oct 26th 2016
Note that the ESR (i.e. version 18) was discontinued and got NO fix!
Are you telling us that .205 has already been exploited but it's the latest update available?
As I read the Adobe announcement, .205 is the patch; the vulnerability exists in .185 and earlier.