Published on: 08 June 2018
Adobe and Microsoft have published security advisories about vulnerabilities found in the Adobe Flash Player. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted document with embedded malicious Flash content.
Reports indicate that one of the vulnerabilities (CVE-2018-5002) is being exploited in the wild against Windows users. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerability.
Please also note that the Adobe announced that support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technology.
A successful exploitation could lead to information disclosure and remote code execution of the affected systems.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at
http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
https://www.hkcert.org/my_url/en/alert/18060801
https://www.us-cert.gov/ncas/current-activity/2018/06/07/Adobe-Releases-Security-Updates-Flash-Player
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000 (to CVE-2018-5002)