Security Alert (A19-09-04): Multiple Vulnerabilities in Adobe Flash Player


 

Published on: 11 September 2019

  
  

Description:

Security updates are released for Adobe Flash Player to address the vulnerabilities. To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted web page, Flash file, or document with embedded malicious Flash content.

Please note that Adobe announced that the support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. Users should arrange migrating to other supported technology.

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows, macOS and Linux 32.0.0.238 and earlier
  • Adobe Flash Player for Google Chrome for Windows, macOS, Linux and Chrome OS 32.0.0.238 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 32.0.0.207 and earlier

 

Impact:

A successful exploitation could lead to arbitrary code execution on an affected system.

 

Recommendation:

Users of affected systems should update the Flash Player to the following versions to address the issues.  The updates can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime for Windows, macOS and Linux 32.0.0.255
    https://get.adobe.com/flashplayer/
    https://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player for Google Chrome for Windows, macOS, Linux, and Chrome OS 32.0.0.255
    https://chromereleases.googleblog.com/

  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 32.0.0.255
    https://portal.msrc.microsoft.com/en-US/security-guidance

If you have multiple browsers, you are required to perform the Adobe Flash Player update for each browser, the Flash Player version can be checked at:
http://www.adobe.com/software/flash/about/

 

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
https://www.hkcert.org/my_url/en/alert/19091102
https://www.us-cert.gov/ncas/current-activity/2019/09/10/adobe-releases-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8070

 



Tag: Adobe , Flash Player
Tags