Published on Thursday, 22 November 2018 16:47Background
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh Operating System (MacOS), Linux and Chrome Operating Systems (OS). The vulnerability occurs because the interpreter code of the Action Script Virtual Machine does not reset when an exception is caught. This leads to a “type confusion” bug, resulting in the possibility of a remote code execution. The security updates address this critical vulnerability (CVE-2018-15981) in Adobe Flash Player.
• Adobe Flash Player Desktop Runtime running on version 18.104.22.168 and earlier for Windows, MacOS and Linux
• Adobe Flash Player for Google Chrome running on version 22.214.171.124 and earlier for Windows, MacOS, Linux and Chrome OS
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11 running on version 126.96.36.199 and earlier versions for Windows 10 and 8.1
Successful exploitation of this vulnerability could allow attackers to perform arbitrary code execution on affected systems. Attackers can take control of an affected system to perform malicious activities such as unauthorised installation of programs, creating rogue administrator accounts and alteration of data.
• Users running on the affected versions of Adobe Flash Player Desktop Runtime for Windows, MacOS and Linux should update to the latest version, Adobe Flash Player 188.8.131.52.
• Affected versions of Adobe Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11 will be updated automatically to the latest version, Adobe Flash Player 184.108.40.206.