Just in from CA: Ya might want to make your audience aware that Adobe has released new versions of Flash player today that supersede those released on
[See the full post at: New version of Flash – thwarts Cerber ransomware]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
New version of Flash – thwarts Cerber ransomware
Home » Forums » Newsletter and Homepage topics » New version of Flash – thwarts Cerber ransomware
- This topic has 33 replies, 5 voices, and was last updated 9 years, 1 month ago by
rc primak.
Tags: Cerber Flash Player
AuthorTopicViewing 32 reply threadsAuthorReplies-
Jonathan
GuestApril 7, 2016 at 3:50 pm #44904Strange If I download directly on the Adobe Site, it always download the 21.0.0.197 version. I go to this adress for downloading the 21.0.0.213 version:
http://www.adobe.com/fr/products/flashplayer/distribution3.html
-
Ed
GuestApril 7, 2016 at 3:53 pm #44905I have IE-11 and Firefox on Windows 7 and it appears there’s a glitch at Adobe Flash’s update site?
When I verify my version from either browser it shows that 197 is installed and out of date, but clicking on the “Update Now” button shows 197 as the version available for download instead of 213.
Maybe we need to wait a while?
-
daniel
Guest -
woody
Manager -
David
GuestApril 7, 2016 at 6:21 pm #449084/7/16 7:15pm EDT The link posted…
http://neurogadget.com/2016/04/07/adobe-flash-player-emergency-patch-address-critical-vulnerability/27858gives me a warning from Avast. (Multi tries)
Object: http://neurogadget.net/ezoic/banger10.js?cb=90-0v=3PageSpeed=off line 1 > eval
Infection: JS:Redirector-BXI [Trj]
Process: C:Program Files (x86)Mozilla Firefoxfirefox.exeWhen I abort the connection from within the avast warning popup, it then connects to the news article. The URL appears exactly the same.
-
Bob Command
Guest -
Doug Schuessler
Guest -
Allan
Guest -
rc primak
GuestApril 7, 2016 at 8:56 pm #44912The Adobe Security Advisory says this vulnerability does not affect Flash Player 21.0.0.182 or higher. Version 21.0.0.197 should be safe. Version 21.0.0.213 was only a cosmetic update.
Windows 8.1 and Windows 10 users will not be updated for this vulnerability, as we are not the subjects of the advisory. Chrome is on a higher version, but as I noted elsewhere in this blog, the latest update is purely cosmetic, not a security update.
The advisory is dated April 5-6, 2016, so its info should be regarded as current.
The vulnerable versions of Flash Player were obsolete almost three weeks ago. Windows 10 users who allowed updates as of March 23, 2016 are safe.
-
daniel
Guest -
owburp
AskWoody PlusApril 7, 2016 at 9:28 pm #44914This is the Adobe page that I download Flash updates from:
https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html
Scroll to the bottom of that webpage to get the direct links to download the latest version of Flash.
-
EP
AskWoody_MVPApril 7, 2016 at 10:20 pm #44915Try downloading the Flash Players again the next day.
I just downloaded the Flash Players in late afternoon Pacific Daylight Time of April 7 and they’re version 21.0.0.213.
If you’re using IE in either Win8.1 or Win10, you get no updates for Flash Player ActiveX for those OSes (maybe perhaps until April Patch Tuesday of April 12).
-
RCPete
GuestApril 7, 2016 at 10:33 pm #44916My auto dealership uses Flash as part of the bling on the opening page. Since we’re done buying a car, no biggie. The major use left for Flash is the Weather Service radar loop. A few years ago, they replaced an even scarier Java application with Flash. I enable it to view the loop, then turn Flash back off.
I’ve found the following URL to be sufficient to get the most current version:
https://get.adobe.com/flashplayer/This downloads the 1.1MB installer which handles the rest of the load. I usually save a copy and run the copy, since it’s a destructive read. Used to have a lot of failures when I was seriously bandwidth impaired. (Dialup, or the World’s Worst Library Connection.)
-
EstherD
GuestApril 8, 2016 at 12:31 am #44917Guess you haven’t read the latest Adobe security Bulletin, APSB16-10, released late today, Thu 07 Apr:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.htmlBy my count, 21.0.0.213 patches at least 23 CVEs, *including* the one at issue here, namely CVE-2016-1019. Hardly a “cosmetic update”.
And contrary to your assertion, *both* the earlier advisory *and* today’s bulletin make it quite clear that this vulnerability affects, and is being exploited on, Win10 and *all* earlier Windows systems.
That said, the bug does appear to be mitigated by changes made in 21.0.0.182. Nevertheless, it is *still present* in 21.0.0.197. Therefore, it might be exploitable using a clever modification of the technique(s) currently being used by the in-the-wild exploit.
If so, you wanna bet that the bad boys won’t find it?
So, no, you do *not* want to skip this one!
-
Ed
Guest -
EstherD
GuestApril 8, 2016 at 12:46 am #44919Most likely a false positive from Avast, which in my experience is not all that uncommon.
VirusTotal detection: 0/67
(Interestingly, Avast is *not* one of the 67 programs on the test panel.)
You should report the possible false positive to Avast. Only way they’re going to improve is if users hold them accountable for their failures, both false negatives *and* false positives.
-
Ed
GuestApril 8, 2016 at 7:53 am #44920All due respect EstherD but rc primak was correct according to several articles I read, including the one published by PC World which states….
“Fortunately the exploit for CVE-2016-1019 observed in the wild only worked against Flash Player 20.0.0.306 and earlier. Users who had Flash Player 21.0.0.182, released in March, were protected because the exploit doesn’t properly execute on this version and only results in a crash.”
Full article here….
http://www.pcworld.com/article/3053090/security/adobe-fixes-24-vulnerabilities-in-flash-player-including-an-actively-exploited-one.html -
doktornotor
Guest -
J
Guest -
rc primak
Guest -
rc primak
Guest -
Bill
Guest -
Charlie
AskWoody Plus -
Seff
Guest -
rc primak
Guest -
rc primak
Guest -
rc primak
GuestApril 10, 2016 at 9:17 am #44930Try using the Flash Player Uninstaller, then run the installer again (may require a restart in between).
https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
-
b
Guest -
Dave B.
Guest -
EP
AskWoody_MVPApril 12, 2016 at 2:44 pm #44933Microsoft Security Bulletin MS16-050 has been published around noon time of April 12 pacific time that now contains links to update Adobe Flash Player for IE & Edge on Windows 8.1 and Windows 10 systems:
https://technet.microsoft.com/library/security/MS16-050The updates are available as KB3154132 mentioned in Microsoft support KB article 3154132:
https://support.microsoft.com/en-us/kb/3154132 -
rc primak
GuestApril 13, 2016 at 1:53 am #44934From Flash Tester.org
( http://flashtester.org/ ) :“April 11, 2016. I got confirmation from Google that for Chrome on Windows, version 21.0.0.216 is the latest and greatest. A spokesperson for the company emailed me that they made updates and minor bug fixes to version 21.0.0.213. This despite all the Adobe documentation that says the latest version for Chrome is 21.0.0.213.”
“April 12, 2016. Google has made minor bug fixes to Flash so that Chrome on Windows, OS X and Chrome OS is newer than other browsers on those systems.”
From Me:
Very few details anywhere I’ve looked, but apparently the Chrome PPAPI plugin was again having some video rendering issues. This happened before with an earlier release of this version 21 series PPAPI plugin flash player for Chrome. So Chrome is out of step with all other browsers, on every operating system, including Mac, Linux and ChromeOS.Chrome Flash Player should update itself automatically, and this should result in a new Chrome Browser version being automatically installed.
Everyone else should by now be on Flash Player Version 21.0.0.213, except Linux (Firefox only) and Solaris users.
-
rc primak
Guest -
rc primak
Guest
Viewing 32 reply threads - This topic has 33 replies, 5 voices, and was last updated 9 years, 1 month ago by
-

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Identify a dynamic range to then be used in another formula
by
BigDaddy07
2 hours, 26 minutes ago -
InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
by
Alex5723
11 hours, 15 minutes ago -
How well does your browser block trackers?
by
n0ads
6 hours, 3 minutes ago -
You can’t handle me
by
Susan Bradley
1 hour, 57 minutes ago -
Chrome Can Now Change Your Weak Passwords for You
by
Alex5723
6 hours, 55 minutes ago -
Microsoft: Over 394,000 Windows PCs infected by Lumma malware, affects Chrome..
by
Alex5723
22 hours, 37 minutes ago -
Signal vs Microsoft’s Recall ; By Default, Signal Doesn’t Recall
by
Alex5723
2 hours, 7 minutes ago -
Internet Archive : This is where all of The Internet is stored
by
Alex5723
23 hours, 1 minute ago -
iPhone 7 Plus and the iPhone 8 on Vantage list
by
Alex5723
23 hours, 6 minutes ago -
Lumma malware takedown
by
EyesOnWindows
11 hours, 22 minutes ago -
“kill switches” found in Chinese made power inverters
by
Alex5723
1 day, 7 hours ago -
Windows 11 – InControl vs pausing Windows updates
by
Kathy Stevens
1 day, 7 hours ago -
Meet Gemini in Chrome
by
Alex5723
1 day, 11 hours ago -
DuckDuckGo’s Duck.ai added GPT-4o mini
by
Alex5723
1 day, 12 hours ago -
Trump signs Take It Down Act
by
Alex5723
1 day, 20 hours ago -
Do you have a maintenance window?
by
Susan Bradley
41 minutes ago -
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
by
Nibbled To Death By Ducks
22 hours, 13 minutes ago -
Cox Communications and Charter Communications to merge
by
not so anon
1 day, 23 hours ago -
Help with WD usb driver on Windows 11
by
Tex265
7 hours, 43 minutes ago -
hibernate activation
by
e_belmont
2 days, 8 hours ago -
Red Hat Enterprise Linux 10 with AI assistant
by
Alex5723
2 days, 12 hours ago -
Windows 11 Insider Preview build 26200.5603 released to DEV
by
joep517
2 days, 15 hours ago -
Windows 11 Insider Preview build 26120.4151 (24H2) released to BETA
by
joep517
2 days, 15 hours ago -
Fixing Windows 24H2 failed KB5058411 install
by
Alex5723
1 day, 11 hours ago -
Out of band for Windows 10
by
Susan Bradley
2 days, 19 hours ago -
Giving UniGetUi a test run.
by
RetiredGeek
3 days, 2 hours ago -
Windows 11 Insider Preview Build 26100.4188 (24H2) released to Release Preview
by
joep517
3 days, 10 hours ago -
Microsoft is now putting quantum encryption in Windows builds
by
Alex5723
1 day, 6 hours ago -
Auto Time Zone Adjustment
by
wadeer
3 days, 14 hours ago -
To download Win 11 Pro 23H2 ISO.
by
Eddieloh
3 days, 12 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.