I am a patch admin for a fortune 1000 company and need to make sure I'm getting this right. In the Adobe Security Bulletin 4/7/16 for APSB16-10 it states that:
"Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 18.104.22.1686 and earlier."
A little further down it also states: "Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 22.214.171.1243".
We are on the Extended Support Release version of Flash and are currently patching up to version 126.96.36.1993. However, this version is prior to 188.8.131.526 and my understanding is that it is still vulnerable to ransomware attacks according to the prior statement.
Can I please get an affirmation on whether or not version 184.108.40.2063 is vulnerable to ransomware as reported in CVE-2016-1019?
Thanks in advance for your time. Any advice is greatly appreciated.
- Michael Babb
The Extended Support Release is only updated to address security vulnerabilities, as such, version 220.127.116.113 is the latest ESR version that includes fixes for the vulnerabilities in that Security Bulletin.