Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Out-of-Band Critical Updates for Adobe Flash Player

by Carol~ Oct 27, 2016 5:02PM PDT
Release date: October 26, 2016

Vulnerability identifier: APSB16-36

Priority: See Bulletin

CVE number: CVE-2016-7855

Platform: Windows, Macintosh, Linux and Chrome OS

Summary:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Affected Versions, Solutions and Vulnerability Details included in the Bulletin :
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

*******
NOTE: If using the Adobe Flash Player Download Center, please be aware of any pre-checked optional downloads. Flash Player will run properly without them.

Discussion is locked

6 Posts
- Collapse + Expand Details
- Collapse -
Related ...
by Carol~ Oct 27, 2016 5:19PM PDT
- Collapse -
A question
by TONI H Oct 29, 2016 4:25AM PDT

I went to a website I go to regularly this morning and was informed that I had an old version of FlashPlayer and that Avant (the browser I use for that site only) couldn't load the page until I installed the latest version....and the site provided the link to get it updated. It took me to the Adobe site, downloaded and installed the update with a reboot of the system. I got to the site again, everything was fine until about ten minutes into it, when a new popup page came up over the site page, and all it said was "TrueKey". I closed the popup, closed the webpage, and saw a shortcut link on my desktop that also said "TrueKey". I did a search and found it to be an installation of the "Intel Security TrueKey" app, that I never installed but after a search on Bing, it appears to be a 'password protector' program. Went to the Start Menu and found the newly installed app, and uninstalled it immediately, with a new reboot, and it was gone.

Ran a Malware Bytes system scan, which found a 'pup' and got rid of that as well...and a new reboot.

All seems well, and came here to ask about this and found your thread....checked my version for Edge, Firefox, and Avant (controlled mainly by Chrome), and I have the .205 version mentioned in your post as the newest correct version.

So, my question, finally, is should I go to Adobe and run their program again? And another couple of questions, what in hell is TrueKey and can I assume I'm 'clean' of it after the uninstall, and how did it get to me in the first place?

- Collapse -
TrueKey Is An Intel Security App And It Came with Adobe's DL
by Grif Thomas Forum moderator Oct 29, 2016 11:42AM PDT

Adobe Flash sends all sorts of goodies along with the website download.. And unless you watch carefully, it installs like a bad penny. Now that you've uninstalled TrueKey, it should be gone as it's not really malware but most don't need it.

In my case, for operating systems before Windows 8/10 and for browsers such as Firefox, I don't do the typical download of Flash, instead I use the direct download links below to download the uninstaller and installers for Flash. They are the offline installers for Flash and don't tend to have the same junkware attached, but I still watch carefully during the install.

First, uninstall Flash by using the Flash Uninstaller at the link below..
http://helpx.adobe.com/en/flash-player/kb/uninstall-flash-player-windows.html

After that's done, then download and run the appropriate manual Flash player installer from the link below. If running two browsers, you may need both installers.

Flash Player for IE 32& 64 bit:
https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_23_active_x.exe

Flash Player for Non-IE browser (Opera, Firefox etc):
https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_23_plugin.exe

Hope this helps.

Grif

- Collapse -
Thanks, hon
by TONI H Oct 31, 2016 6:30AM PDT

I always watch for 'hidden' install programs, like Google et al, and never saw anything with FlashPlayer this time, which was why I was wondering about this. Since I have Intel hardware stuff on this computer, I wondered also if Intel itself brought this in as an 'update', but I guess they are behaving themselves. Thanks again for the explanation, but it would have been nice to have had the option to opt out of any additional installations from Adobe.

- Collapse -
(NT) Yep, Agreed About Opt Out....
by Grif Thomas Forum moderator Oct 31, 2016 11:09AM PDT
- Collapse -
Re: Truekey
by Kees_B Forum moderator Nov 1, 2016 1:51PM PDT

When I updated Adobe Flash in Firefox today, the very first screen (before it even downloaded) had two checkboxes: one for a McAfee security product, and one for Intels Truekey (seems like some sort of password manager). I unchecked the 2 boxes and those programs didn't install.

Maybe you forgot to uncheck?

Kees

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info