Adobe has recently released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update addresses several vulnerabilities, some of which could also lead to data exposure.
Adobe rates this as a Priority 1 update. Priority 1 means that the update resolves vulnerabilities that are being targeted, or are at high risk of being targeted. Adobe recommends that all administrators install the latest Flash Player update as soon as possible.
What Are the Vulnerabilities That Could Lead to Data Exposure?
| Vulnerability Category | Severity | CVE Number | Vulnerability Impact |
|---|---|---|---|
| Type Confusion | Critical | CVE-2018-4945 | Arbitrary Code Execution |
| Integer Overflow | Important | CVE-2018-5000 | Information Disclosure |
| Out-of-bounds read | Important | CVE-2018-5001 | Information Disclosure |
| Stack-based buffer overflow | Critical | CVE-2018-5002 | Arbitrary Code Execution |
These vulnerabilities were discovered and reported by various organizations, which are now working with Adobe to overcome them and to protect users and their data.
1. CVE-2018-4945 was reported by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager in collaboration with Trend Micro Zero Day Initiative.
2. CVE-2018-5000 and CVE-2018-5001 were reported anonymously through Trend Micro Zero Day Initiative.
3. CVE-2018-5002 was discovered and reported by several organizations and individuals.
Regarding the vulnerabilities, a threat intelligence analyst at Recorded Future said:
“This is a confusion vulnerability, which means that the code does not properly inspect input data. When successfully exploited, this vulnerability allows for remote code execution.”
He also added,
“The exploit takes advantage of a Flash file embedded in a Microsoft Office document. When the victim opens the Office Document the Trojan infected Flash code automatically runs and executes shell code, which calls out to the attacker’s command-and-control servers.”
What Are the Products That Are Affected?
Adobe is aware of reports that these vulnerabilities exist and could lead to multiple consequences. Windows users were the most affected.
The attacks rely on Office documents distributed via email, which can contain malicious files embedded within them. Here is the list of affected products.
| Product | Platform | Affected Versions |
|---|---|---|
| Adobe Flash Player Desktop Runtime | Windows, macOS and Linux | 220.127.116.11 and earlier versions |
| Adobe Flash Player for Google Chrome | Windows, macOS, Linux and Chrome OS | 18.104.22.168 and earlier versions |
| Adobe Flash Player for Microsoft Edge | Windows 10 and 8.1 | 22.214.171.124 and earlier versions |
| Adobe Flash Player for Internet Explorer 11 | Windows 10 and 8.1 | 126.96.36.199 and earlier versions |
To check which version of Adobe Flash Player you are running, open the About Flash Player page from the menu. If you use multiple web browsers, check the Flash Player version in each browser separately.
What Do Users Have to Do?
Adobe has released an update for these vulnerabilities. To protect themselves, all users should immediately install the latest Adobe Flash Player update.
Users of Microsoft Office should also disable macros. Users who chose to allow automatic updates when installing Adobe Flash Player Desktop Runtime for Windows, macOS and Linux will be the first to get the most recent Flash Player updates.
Download and Install the Latest Adobe Update from here.