Description:
Security updates have been released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities. To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document with embedded malicious Flash content.
Please note that Adobe has announced that support for Adobe Flash will cease at the end of 2020 and no security updates will be provided after that. Users should arrange to migrate to other supported technologies.
Affected Systems:
- Adobe Flash Player Desktop Runtime for Windows, macOS and Linux 32.0.0.171 and earlier
- Adobe Flash Player for Google Chrome for Windows, macOS, Linux and Chrome OS 32.0.0.171 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 32.0.0.171 and earlier
- Acrobat DC Continuous for Windows and macOS 2019.010.20100 and earlier versions
- Acrobat Reader DC Continuous for Windows and macOS 2019.010.20099 and earlier versions
- Acrobat 2017 Classic 2017 for Windows and macOS 2017.011.30140 and earlier versions
- Acrobat Reader 2017 Classic 2017 for Windows and macOS 2017.011.30138 and earlier versions
- Acrobat DC Classic 2015 for Windows and macOS 2015.006.30495 and earlier versions
- Acrobat Reader DC Classic 2015 for Windows and macOS 2015.006.30493 and earlier versions
Impact:
Depending on the vulnerability exploited, successful exploitation could lead to arbitrary code execution or information disclosure on an affected system.
Recommendation:
Users of affected systems should update Adobe Flash Player and Adobe Reader/Acrobat to the following versions to address the issues. The updates can be obtained through the auto-update mechanism or by downloading them from the following URLs:
- Adobe Flash Player Desktop Runtime for Windows, macOS and Linux 32.0.0.192
https://get.adobe.com/flashplayer/
https://www.adobe.com/products/players/flash-player-distribution.html
- Adobe Flash Player for Google Chrome for Windows, macOS, Linux, and Chrome OS 32.0.0.192
https://chromereleases.googleblog.com/
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 32.0.0.192
https://portal.msrc.microsoft.com/en-US/security-guidance
- Acrobat DC Continuous for Windows and macOS 2019.012.20034
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
- Acrobat Reader DC Continuous for Windows and macOS 2019.012.20034
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
- Acrobat 2017 Classic 2017 for Windows and macOS 2017.011.30142
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
- Acrobat Reader 2017 Classic 2017 for Windows and macOS 2017.011.30142
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
- Acrobat DC Classic 2015 for Windows and macOS 2015.006.30497
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
- Acrobat Reader DC Classic 2015 for Windows and macOS 2015.006.30497
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
If you have multiple browsers, you are required to perform the Adobe Flash Player update for each browser. The Flash Player version can be checked at:
http://www.adobe.com/software/flash/about/
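For administrators checking many machines, the following added example (not part of the original advisory or any Adobe tooling) compares inventoried versions against the fixed versions listed above. The product labels, host names and inventory rows are constructed assumptions; versions are compared numerically so that 32.0.0.99 is correctly treated as older than 32.0.0.192.

```python
# Fixed versions from the Recommendation list above, keyed by hypothetical
# inventory labels (the labels are assumptions; the version numbers are not).
# Acrobat and Acrobat Reader share the same fixed version within each track.
FIXED = {
    "flash": "32.0.0.192",
    "acrobat-dc-continuous": "2019.012.20034",
    "acrobat-2017-classic": "2017.011.30142",
    "acrobat-2015-classic": "2015.006.30497",
}

def parse_version(text):
    """Turn '2019.010.20100' into (2019, 10, 20100); ValueError if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, installed):
    """Return 'needs-update', 'ok' or 'unknown' for one installation."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "unknown"          # product or track not covered by this advisory
    try:
        have, want = parse_version(installed), parse_version(fixed)
    except ValueError:
        return "unknown"          # unparseable version: review by hand
    if len(have) != len(want):
        return "unknown"          # truncated version: do not guess
    # Anything below the fixed version is flagged, not only the listed builds.
    return "needs-update" if have < want else "ok"

def audit(rows):
    """rows: (host, product, version) tuples -> rows that are not 'ok'."""
    findings = []
    for host, product, version in rows:
        status = assess(product, version)
        if status != "ok":
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory, for illustration only.
SAMPLE = [
    ("ws-01", "flash", "32.0.0.171"),
    ("ws-02", "flash", "32.0.0.192"),
    ("ws-03", "acrobat-dc-continuous", "2019.010.20100"),
    ("ws-04", "acrobat-2017-classic", "2017.011.30142"),
    ("ws-05", "acrobat-2015-classic", "2015.006.30493"),
    ("ws-06", "acrobat-dc-continuous", "2019.12"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```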
More Information:
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html
https://helpx.adobe.com/security/products/acrobat/apsb19-18.html
https://www.hkcert.org/my_url/en/alert/19051502
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Adobe-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7140 (to CVE-2019-7145)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7758 (to CVE-2019-7814)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7817 (to CVE-2019-7833)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7835 (to CVE-2019-7837)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7841