07 December 2018
Security Update for Adobe Flash Player
Trouble strikes again as Adobe patches security vulnerabilities in Flash Player, including a zero-day vulnerability that has been spotted being exploited in the wild.
Adobe has released an ‘out-of-band emergency update’, after a defect was exposed by Chenming Xu and Ed Miles of Gigamon Applied Threat Research and Qihoo 360 Core Security. They discovered a phishing campaign exploiting CVE-2018-15982 , a use-after-free flaw permitting arbitrary code execution on a victim’s computer.
What Steps Should I Take?
Adobe has released a batch of security updates for Windows, macOS, Linux and Chrome OS, advising users to update and test their systems as soon as possible. This incorporates, the Flash Player app, Google Chrome, Microsoft Internet Explorer and Edge, due to the fact flash player is used within each of these applications.
The updates address a significant vulnerability in both the Adobe Flash Player and the Adobe Flash Installer. Those affected by this attack can update to version 220.127.116.11 and 18.104.22.168, for users of Adobe Flash Player.