Published on: 11 April 2018
Adobe released a security update to address vulnerabilities found in the Adobe Flash Player. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.
Please also note that the Adobe announced that support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technology.
A successful exploitation could lead to remote code execution or information disclosure on an affected system.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at:
http://get.adobe.com/flashplayer/about/
https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
https://www.hkcert.org/my_url/en/alert/18041102
https://www.us-cert.gov/ncas/current-activity/2018/04/10/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4932 (to CVE-2018-4937)