I am a patch admin for a fortune 1000 company and need to make sure I'm getting this right. In the Adobe Security Bulletin 4/7/16 for APSB16-10 it states that:
"Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 220.127.116.116 and earlier."
A little further down it also states: "Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.104.22.1683".
We are on the Extended Support Release version of Flash and are currently patching up to version 22.214.171.1243. However, this version is prior to 126.96.36.1996 and my understanding is that it is still vulnerable to ransomware attacks according to the prior statement.
Can I please get an affirmation on whether or not version 188.8.131.523 is vulnerable to ransomware as reported in CVE-2016-1019?
Thanks in advance for your time. Any advice is greatly appreciated.
- Michael Babb
The Extended Support Release is only updated to address security vulnerabilities, as such, version 184.108.40.2063 is the latest ESR version that includes fixes for the vulnerabilities in that Security Bulletin.