Published on: 07 February 2018
Adobe has released a security update to address vulnerabilities found in the Adobe Flash Player. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.
Reports indicate that one of the vulnerabilities (CVE-2018-4878) is being exploited in the wild against Windows users. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerability.
Please also note that the Adobe announced that support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technology.
A successful exploitation could lead to remote code execution and potentially take control of the affected system.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at
http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
https://www.hkcert.org/my_url/en/alert/18020201
https://www.us-cert.gov/ncas/current-activity/2018/02/06/Adobe-Releases-Security-Updates-Flash-Player
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878