Priority 1 Security Update For Adobe Flash Player


Adobe has recently released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. It addresses several vulnerabilities that could also lead to data exposure.

This update is a Priority 1 update from Adobe. Here, Priority 1 means that the update resolves vulnerabilities that are being targeted or are at high risk of being targeted. Adobe recommends that all administrators install the latest Flash Player update as soon as possible.

What Are the Vulnerabilities That Could Lead to Data Exposure?

| Vulnerability Category | Severity | CVE Number | Vulnerability Impact |
|---|---|---|---|
| Type Confusion | Critical | CVE-2018-4945 | Arbitrary Code Execution |
| Integer Overflow | Important | CVE-2018-5000 | Information Disclosure |
| Out-of-bounds read | Important | CVE-2018-5001 | Information Disclosure |
| Stack-based buffer overflow | Critical | CVE-2018-5002 | Arbitrary Code Execution |

These vulnerabilities were discovered and reported by various organizations, which are now working with Adobe to overcome them and to protect users and their data.

1. CVE-2018-4945 was reported by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager in collaboration with Trend Micro Zero Day Initiative.

2. CVE-2018-5000 and CVE-2018-5001 were reported anonymously through Trend Micro Zero Day Initiative.

3. CVE-2018-5002 was discovered and reported by several organizations and individuals.

Regarding the vulnerabilities, a threat intelligence analyst at Recorded Future said,

“This is a confusion vulnerability, which means that the code does not properly inspect input data. When successfully exploited, this vulnerability allows for remote code execution.”

He also added,

“The exploit takes advantage of a Flash file embedded in a Microsoft Office document. When the victim opens the Office Document the Trojan infected Flash code automatically runs and executes shell code, which calls out to the attacker’s command-and-control servers.”


What Are the Products That Are Affected?

Adobe is aware of reports that these vulnerabilities exist and could lead to multiple consequences. Windows users were the most affected.

The attacks rely on Office documents distributed via email, which can contain malicious files embedded within them. Here is the list of affected products.

| Product | Platform | Flash Version |
|---|---|---|
| Adobe Flash Player Desktop Runtime | Windows, macOS and Linux | 29.0.0.171 and earlier versions |
| Adobe Flash Player for Google Chrome | Windows, macOS, Linux and Chrome OS | 29.0.0.171 and earlier versions |
| Adobe Flash Player for Microsoft Edge | Windows 10 and 8.1 | 29.0.0.171 and earlier versions |
| Adobe Flash Player for Internet Explorer 11 | Windows 10 and 8.1 | 29.0.0.171 and earlier versions |

To check which version of Adobe Flash Player you are using, go to the About Flash Player page from the menu. If you use multiple web browsers, check the Flash Player version in each browser separately.
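For administrators who collect version strings from many machines, the check against the affected-products table can be automated. The following is an added example, not code from Adobe or from the original article; the host names, inventory rows and the acceptance of comma-separated versions are assumptions made for illustration.

```python
AFFECTED_MAX = (29, 0, 0, 171)  # "29.0.0.171 and earlier versions" per the table

# Product names exactly as listed in the affected-products table.
AFFECTED_PRODUCTS = {
    "Adobe Flash Player Desktop Runtime",
    "Adobe Flash Player for Google Chrome",
    "Adobe Flash Player for Microsoft Edge",
    "Adobe Flash Player for Internet Explorer 11",
}

def parse_version(text):
    """Return a 4-part version tuple, or None if the string is not one."""
    parts = text.strip().replace(",", ".").split(".")  # commas: assumed export format
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version_text):
    """Return 'affected', 'not_affected', 'unknown' or 'out_of_scope'."""
    if product not in AFFECTED_PRODUCTS:
        return "out_of_scope"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable: send to manual review, never assume safe
    # Tuple comparison is numeric per field; comparing the raw strings would
    # wrongly rank "9.0.0.999" above "29.0.0.171".
    return "affected" if version <= AFFECTED_MAX else "not_affected"

def triage(records):
    """Return (host, product, version, status) for rows that need action."""
    rows = [(h, p, v, classify(p, v)) for h, p, v in records]
    return [r for r in rows if r[3] in ("affected", "unknown")]

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-01", "Adobe Flash Player Desktop Runtime", "29.0.0.171"),
    ("ws-02", "Adobe Flash Player for Google Chrome", "29.0.0.140"),
    ("ws-03", "Adobe Flash Player for Microsoft Edge", "29,0,0,172"),
    ("ws-04", "Adobe Flash Player for Internet Explorer 11", "29.0.0"),
    ("ws-05", "Some Other Plugin", "1.0.0.0"),
    ("ws-06", "Adobe Flash Player Desktop Runtime", "9.0.0.999"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```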

What Do Users Have to Do?

Adobe has released an update for these vulnerabilities. To protect themselves and stay on the safe side, all users should immediately install the latest Adobe Flash Player update.

Also, users of Microsoft Office should disable macros. Users of Adobe Flash Player Desktop Runtime for Windows, macOS and Linux who chose to allow automatic updates at installation will be the first to get the most recent Flash Player updates.

Download and Install the Latest Adobe Update from here.

