Security Alert (A18-03-03): Multiple Vulnerabilities in Adobe Flash Player


 

Published on: 14 March 2018

  
  

Description:

Adobe released a security update to address vulnerabilities found in the Adobe Flash Player. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.

Please also note that the Adobe announced that support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technology.

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux 28.0.0.161 and earlier versions
  • Adobe Flash Player for Google Chrome 28.0.0.161 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 28.0.0.161 and earlier versions

 

Impact:

A successful exploitation could lead to remote code execution on an affected system.

 

Recommendation:

Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 29.0.0.113 for Windows and Macintosh
    https://get.adobe.com/flashplayer/
    http://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 29.0.0.113 for Google Chrome
    https://chromereleases.googleblog.com/

  • Adobe Flash Player 29.0.0.113 for Microsoft Edge and Internet Explorer 11
    https://portal.msrc.microsoft.com/en-us/security-guidance

  • Adobe Flash Player 29.0.0.113 for Linux
    https://get.adobe.com/flashplayer/

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at

http://get.adobe.com/flashplayer/about/

 

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
https://www.hkcert.org/my_url/en/alert/18031402
https://www.us-cert.gov/ncas/current-activity/2018/03/13/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4920

 



Tag: Adobe , Flash Player
Tags