I am a patch admin for a fortune 1000 company and need to make sure I'm getting this right. In the Adobe Security Bulletin 4/7/16 for APSB16-10 it states that:
"Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 184.108.40.2066 and earlier."
A little further down it also states: "Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 220.127.116.113".
We are on the Extended Support Release version of Flash and are currently patching up to version 18.104.22.1683. However, this version is prior to 22.214.171.1246 and my understanding is that it is still vulnerable to ransomware attacks according to the prior statement.
Can I please get an affirmation on whether or not version 126.96.36.1993 is vulnerable to ransomware as reported in CVE-2016-1019?
Thanks in advance for your time. Any advice is greatly appreciated.
- Michael Babb
The Extended Support Release is only updated to address security vulnerabilities, as such, version 188.8.131.523 is the latest ESR version that includes fixes for the vulnerabilities in that Security Bulletin.