Copy link to clipboard
Copied
Dear all,
Last year all security bulletins on Adobe Flash player security issues contained information on NPAPI, PPAPI and ActiveX for Windows platform. But now in all bulletins only PPAPI (Flash Player for Google Chrome) and ActiveX (Flash Player for IE/Edge) are mentioned as vulnerable. Can you tell whether Flash Player NPAPI is also vulnerable to issues mentioned, for example, here (Adobe Security Bulletin) and to other CVEs created this year?
Copy link to clipboard
Copied
Hi,
I'm not sure why the change was made, however, while NPAPI is not specifically called out, it is implied since the NPAPI plugins is supported on Windows, Mac, and Linux. The following table is excerpted from Adobe Security Bulletin and I've added the 4th column to describe each entry:
Product | Affected Versions | Platform | |
---|---|---|---|
Adobe Flash Player Desktop Runtime | 25.0.0.148 and earlier | Windows, and Linux | This is referring to the ActiveX Control, NPAPI, and PPAPI plugins for Windows and Linux. Normally, Macintosh would be listed here as well. It's separate this time due to the previous versions not being the same. |
Adobe Flash Player Desktop Runtime | 25.0.0.163 and earlier | Macintosh | This is referring to the NPAPI and PPAPI plugins for Macintosh. |
Adobe Flash Player for Google Chrome | 25.0.0.148 and earlier | Windows, Macintosh, Linux and Chrome OS | This is referring to the PPAPI plugin Google embeds in Chrome |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 25.0.0.148 and earlier | Windows 10 and 8.1 | This is referring to the ActiveX Control Microsoft embeds in Internet Explorer and Edge. |
Hope this helps clarify the information.
--
Maria
Copy link to clipboard
Copied
Did I understand it right that NPAPI versions are vulnerable as well as PPAPI ones if I download Flah Player as a standalone app at Adobe Flash Player Install for all versions ?
Copy link to clipboard
Copied
The Security Bulletin applies to all Flash Player types (ActiveX Control, NPAPI, PPAPI), so yes, NPAPI, as well as PPAPI are vulnerable and Adobe recommends updating to the latest version for all Flash Player types.