1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/out-of-band-update-for-flash/
3/23/2016 3:00:57 PM
Out of Band Update for Flash
Patch Tuesday Update,Malicious Flash Content,Verismic Software
/Out-of-Band-Update-for-Flash-App-Developer-Magazine_ki9ohbkr.jpg
App Developer Magazine

Security

Out of Band Update for Flash


Wednesday, March 23, 2016

James Rowney James Rowney


MS16-036 is a critical out of band update and resolves 20 vulnerabilities in Adobe Flash Player on all supported versions of Windows Server 2012, Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, and Windows 10. 

This bulletin addresses vulnerabilities by updating the Adobe Flash libraries contained within all supported versions of Internet Explorer and Microsoft Edge. We recommend that this update be installed with the highest priority.
 
A successful attacker will exploit this vulnerability to gain Remote Code Execution giving them full access to the targeted device. The vulnerabilities can be exploited by redirecting users to malicious websites specifically set up for the purpose of attack using Search Engine Poisoning, hacking legitimate websites and email documents, PDF, Word etc. with malicious Flash content. 
 
This update, in my opinion, should be a business’s highest priority and therefore should be deployed with the utmost urgency. Flash exploits are increasingly becoming the vulnerability of choice, and with the wide spread use of the application, this means we are all exposed. My advice would be to uninstall Flash, Silverlight and Java browser extensions, and test to see if they are really necessary.
 
Microsoft published on Monday, March 7 that 14 vulnerabilities would be released in this month’s Patch Tuesday updates, but only 13 made it through. MS16-036 was held back at the last minute due to the discovery of CVE-2016-1010. The zero-day vulnerability was discovered by Anton Ivanov of Kaspersky Labs, but no additional details have been released.
 
In an e-mail, a Kaspersky representative wrote: “Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks. At this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.”
 
Additional Information

Should you have the need to install any language packs then this update will need to be reapplied, Verismic Software advises that any pending language pack installs are applied prior to installing MS16-036.
 
Vulnerability Information

This security bulletin addresses the following vulnerabilities which are described in Adobe Security Bulletin APSB16-08: CVE-2015-8652, CVE-2015-8655, CVE-2015-8658, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010
 
For further information, see Microsoft Knowledge Base Article 3144756.


Out of Band Update for Flash




Read more: http://www.cloudmanagementsuite.com/




This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.

Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here



Stay Updated

Sign up for our newsletter for the headlines delivered to you

SuccessFull SignUp

Featured Stories


AI Executive Order aims to balance security and innovation
AI Executive Order aims to balance security and innovation Monday, June 29, 2026


Top manufacturing trends for 2026
Top manufacturing trends for 2026 Tuesday, June 23, 2026


API scoring tool shows if your API is ready for AI
API scoring tool shows if your API is ready for AI Monday, June 22, 2026




Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP
Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP Friday, June 19, 2026


Influencer Debate AI Anthropic IPO Reveals Industry Concerns
Influencer Debate AI Anthropic IPO Reveals Industry Concerns Wednesday, June 17, 2026


Subscription apps are losing users faster than ever
Subscription apps are losing users faster than ever Tuesday, June 16, 2026


DomainTools announces real time threat feeds
DomainTools announces real time threat feeds Monday, June 15, 2026


Take It Down Act results in warning letters from FTC
Take It Down Act results in warning letters from FTC Friday, June 12, 2026


Nvidia valuation fears grow
Nvidia valuation fears grow Friday, June 12, 2026


Anthropic launches Claude Design
Anthropic launches Claude Design Wednesday, June 10, 2026


Get More App News