Flash Player NPAPI security issues

Question

Dear all,Last year all security bulletins on Adobe Flash player security issues contained information on NPAPI, PPAPI and ActiveX for Windows platform. But now in all bulletins only PPAPI (Flash Player for Google Chrome) and ActiveX (Flash Player for IE/Edge) are mentioned as vulnerable. Can you tell whether Flash Player NPAPI is also vulnerable to issues mentioned, for example, here (Adobe Security Bulletin) and to other CVEs created this year?

_maria_ · Answer

Hi,I'm not sure why the change was made, however, while NPAPI is not specifically called out, it is implied since the NPAPI plugins is supported on Windows, Mac, and Linux. The following table is excerpted from Adobe Security Bulletin​ and I've added the 4th column to describe each entry:ProductAffected VersionsPlatform Adobe Flash Player Desktop Runtime25.0.0.148 and earlierWindows, and LinuxThis is referring to the ActiveX Control, NPAPI, and PPAPI plugins for Windows and Linux. Normally, Macintosh would be listed here as well. It's separate this time due to the previous versions not being the same.Adobe Flash Player Desktop Runtime25.0.0.163 and earlierMacintosh This is referring to the NPAPI and PPAPI plugins for Macintosh.Adobe Flash Player for Google Chrome25.0.0.148 and earlierWindows, Macintosh, Linux and Chrome OSThis is referring to the PPAPI plugin Google embeds in ChromeAdobe Flash Player for Microsoft Edge and Internet Explorer 1125.0.0.148 and earlierWindows 10 and 8.1This is referring to the ActiveX Control Microsoft embeds in Internet Explorer and Edge.Hope this helps clarify the information.--Maria

Product	Affected Versions	Platform
Adobe Flash Player Desktop Runtime	25.0.0.148 and earlier	Windows, and Linux	This is referring to the ActiveX Control, NPAPI, and PPAPI plugins for Windows and Linux. Normally, Macintosh would be listed here as well. It's separate this time due to the previous versions not being the same.
Adobe Flash Player Desktop Runtime	25.0.0.163 and earlier	Macintosh	This is referring to the NPAPI and PPAPI plugins for Macintosh.
Adobe Flash Player for Google Chrome	25.0.0.148 and earlier	Windows, Macintosh, Linux and Chrome OS	This is referring to the PPAPI plugin Google embeds in Chrome
Adobe Flash Player for Microsoft Edge and Internet Explorer 11	25.0.0.148 and earlier	Windows 10 and 8.1	This is referring to the ActiveX Control Microsoft embeds in Internet Explorer and Edge.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded