Locked

Flash Player NPAPI security issues

New Here ,
Jun 05, 2017 Jun 05, 2017

Copy link to clipboard

Copied

Dear all,

Last year all security bulletins on Adobe Flash player security issues contained information on NPAPI, PPAPI and ActiveX for Windows platform. But now in all bulletins only PPAPI (Flash Player for Google Chrome) and ActiveX (Flash Player for IE/Edge) are mentioned as vulnerable. Can you tell whether Flash Player NPAPI is also vulnerable to issues mentioned, for example, here (Adobe Security Bulletin) and to other CVEs created this year?

Views

1.7K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Jun 05, 2017 Jun 05, 2017

Copy link to clipboard

Copied

Hi,

I'm not sure why the change was made, however, while NPAPI is not specifically called out, it is implied since the NPAPI plugins is supported on Windows, Mac, and Linux.  The following table is excerpted from Adobe Security Bulletin​ and I've added the 4th column to describe each entry:

ProductAffected VersionsPlatform
Adobe Flash Player Desktop Runtime25.0.0.148 and earlierWindows, and LinuxThis is referring to the ActiveX Control, NPAPI, and PPAPI plugins for Windows and Linux.  Normally, Macintosh would be listed here as well.  It's separate this time due to the previous versions not being the same.
Adobe Flash Player Desktop Runtime25.0.0.163 and earlierMacintosh This is referring to the NPAPI and PPAPI plugins for Macintosh.
Adobe Flash Player for Google Chrome25.0.0.148 and earlierWindows, Macintosh, Linux and Chrome OSThis is referring to the PPAPI plugin Google embeds in Chrome
Adobe Flash Player for Microsoft Edge and Internet Explorer 1125.0.0.148 and earlierWindows 10 and 8.1This is referring to the ActiveX Control Microsoft embeds in Internet Explorer and Edge.

Hope this helps clarify the information.

--

Maria

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 05, 2017 Jun 05, 2017

Copy link to clipboard

Copied

Did I understand it right that NPAPI versions are vulnerable as well as PPAPI ones if I download Flah Player as a standalone app at Adobe Flash Player Install for all versions ?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Jun 05, 2017 Jun 05, 2017

Copy link to clipboard

Copied

LATEST

The Security Bulletin applies to all Flash Player types (ActiveX Control, NPAPI, PPAPI), so yes, NPAPI, as well as PPAPI are vulnerable and Adobe recommends updating to the latest version for all Flash Player types.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines