Copy link to clipboard
Copied
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html is ambiguous as to whether Flash Player 21.0.0.241 (the version released on 5/10/16 via Microsoft Security Bulletin MS16-064 for Internet Explorer 11 on Windows 8.1, & Internet Explorer 11 and Microsoft Edge on Windows 10) is vulnerable to CVE-2016-4117. In the bulletin, the Affected Versions table lists "21.0.0.213 and earlier" for Windows 8.1 and Windows 10; the Solution table lists the Updated Version as "21.0.0.242" for Windows 10 and 8.1.
What is the status of 21.0.0.241?
Also, it would help if the Affected Versions and Solution tables listed the products in the same manner - as of now they do not, and that makes it even more difficult to see what is really going on.
Garrett
Copy link to clipboard
Copied
Related: http://www.adobe.com/software/flash/about/ shows 21.0.0.241 as the current Flash Player version for Internet Explorer (embedded - Windows 8.1) - ActiveX and Edge (embedded - Windows 10) - ActiveX.
(And that's yet another way of listing the products, which is likely to lead to further confusion. Even though that's not my primary gripe here - consistency, please....)
Copy link to clipboard
Copied
Hi,
Sorry for the confusion between the two pages. They are both correct. The current ActiveX version for Windows 8.1/10 is 21.0.0.241, however, it doesn't contain the security fix. We expected Microsoft to release version 21.0.0.242 for Windows 8.1/10, however, don't have a firm date when they'll release it.
--
Maria
Copy link to clipboard
Copied
Thanks Maria. In that case, the Affected Versions table in apsb16-15 should be changed such that the Affected Versions for Windows 10 and Windows 8.1 is "21.0.0.241 and earlier" (instead of the current "21.0.0.213 and earlier", which is confusing and misleading).
Copy link to clipboard
Copied
correction/update to my previous post (quoted below):
The bulletin was indeed updated to include '21.0.0.241 and earlier' for Windows 8.1 and 10.
--
Maria
Hi,
I don't recall off-hand the versions listed on the table when the bulletin was first posted, but as of right now, it has version 21.0.0.241 and earlier. It's possible the table was updated at some point. A different team manages the posting of the bulletins, and I don't have insight into that process.
Product Affected Versions Platform Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier Windows and Macintosh Adobe Flash Player Extended Support Release 18.0.0.343 and earlier Windows and Macintosh Adobe Flash Player for Google Chrome 21.0.0.216 and earlier Windows, Macintosh, Linux and ChromeOS Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.241 and earlier Windows 10 Adobe Flash Player for Internet Explorer 11 21.0.0.241 and earlier Windows 8.1 Adobe Flash Player for Linux 11.2.202.616 and earlier Linux AIR Desktop Runtime 21.0.0.198 and earlier Windows and Macintosh AIR SDK 21.0.0.198 and earlier Windows, Macintosh, Android and iOS AIR SDK & Compiler 21.0.0.198 and earlier Windows, Macintosh, Android and iOS --
Maria