CVE-2016-0985
First published: Wed Feb 10 2016(Updated: )
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=11.2.202.559 | |
| Linux Kernel | ||
| Adobe Flash Player | <=20.0.0.286 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=18.0.0.326 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=20.0.0.272 | |
| Macromedia Flash Player | <=20.0.0.286 | |
| Chrome OS | ||
| Macromedia Flash Player | <=20.0.0.272 | |
| Adobe AIR | <=20.0.0.233 | |
| Adobe AIR | <=20.0.0.233 | |
| iPhone OS | ||
| Android | ||
| Adobe AIR SDK & Compiler | <=20.0.0.233 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html
- http://rhn.redhat.com/errata/RHSA-2016-0166.html
- http://www.securitytracker.com/id/1034970
- https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
- https://security.gentoo.org/glsa/201603-07
- https://www.exploit-db.com/exploits/39461/
Frequently Asked Questions
What is the severity of CVE-2016-0985?
CVE-2016-0985 is classified as a critical vulnerability that allows attackers to execute arbitrary code.
How do I fix CVE-2016-0985?
To resolve CVE-2016-0985, update Adobe Flash Player to version 18.0.0.329 or later for affected versions.
Which versions are affected by CVE-2016-0985?
CVE-2016-0985 affects Adobe Flash Player versions prior to 18.0.0.329, 19.x, and 20.x before 20.0.0.306 on Windows and macOS, along with prior versions of Adobe AIR.
What are the potential impacts of CVE-2016-0985?
Exploitation of CVE-2016-0985 may lead to unauthorized access, data theft, or widespread system compromise.
Is there an official patch for CVE-2016-0985?
Yes, Adobe released patches for CVE-2016-0985 in their updates for Flash Player and AIR, which should be applied immediately.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.2.202.559
- vendor/linux
- canonical/linux kernel
- canonical/adobe flash player
- version/adobe flash player/20.0.0.286
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/18.0.0.326
- canonical/windows 10
- canonical/microsoft windows
- version/macromedia flash player/20.0.0.272
- version/macromedia flash player/20.0.0.286
- vendor/google
- canonical/chrome os
- canonical/adobe air
- version/adobe air/20.0.0.233
- canonical/iphone os
- canonical/android
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/20.0.0.233