High Threat Security Alert (A18-12-01): Multiple Vulnerabilities in Adobe Flash Player


 

Published on: 06 December 2018

  
  

Description:

Adobe released a security update to address some vulnerabilities found in the Adobe Flash Player. To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted Flash file, web page, or document with embedded malicious Flash content.

Reports indicate that one of the vulnerabilities (CVE-2018-15982) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerability.

Please also note that Adobe announced that the support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technologies.

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux 31.0.0.153 and earlier versions
  • Adobe Flash Player for Google Chrome 31.0.0.153 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 31.0.0.153 and earlier versions
  • Adobe Flash Player installer for Windows 31.0.0.108 and earlier versions

 

Impact:

A successful exploitation could lead to arbitrary code execution and privilege escalation on an affected system.

 

Recommendation:

Upgrade Adobe Flash Player to the following versions to address the issue. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 32.0.0.101 for Windows and Macintosh
    https://get.adobe.com/flashplayer/
    https://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 32.0.0.101 for Google Chrome
    https://chromereleases.googleblog.com/

  • Adobe Flash Player 32.0.0.101 for Microsoft Edge and Internet Explorer 11
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180031

  • Adobe Flash Player 32.0.0.101 for Linux
    https://get.adobe.com/flashplayer/

  • Adobe Flash Player installer 31.0.0.122 for Windows
    https://get.adobe.com/flashplayer/
    https://www.adobe.com/products/players/flash-player-distribution.html

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at
http://www.adobe.com/software/flash/about/

 

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15983

 



Tag: Adobe , Flash Player
Tags