[ Nov 23, 2018 ]
Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority.
Technical details about this vulnerability are publicly available.
The vulnerability was made public last week by a researcher on the same day Adobe released its monthly patch, which means it’s been in the public realm for at least that long.
Identified as CVE-2018-15981, the problem is a type of confusion bug that could lead to a remote code execution (RCE), which could be executed via a malicious Flash file on a boobytrapped website.
The affected versions are 184.108.40.206 and earlier running on all platforms, which means the Desktop Runtime as well as inside the Chrome (and Chromebook), Edge, Firefox and Internet Explorer browsers.
Cyber Security Tips:
- The updated version is 220.127.116.11.
- Windows 10 consumer users should receive this update automatically from Microsoft.