
Adobe released a Flash Player update that plugs a critical vulnerability that could lead to remote code execution.

The flaw is serious enough that the company is urging users to apply the fix as soon as possible.


The flaw, tracked as CVE-2018-15981, affects Flash Player and earlier versions on Windows, macOS, Linux and Chrome OS, and details are already publicly available, the company said in an advisory.

CVE-2018-15981 was discovered and publicly disclosed by researcher Gil Dabah.


“The interpreter code of the Action Script Virtual Machine (AVM) does not reset a with-scope pointer when an exception is caught, leading later to a type confusion bug, and eventually to a remote code execution,” he said in a post.

“When I found this bug at first, I thought there’s small chance it’s a real bug. Particularly, I had my doubts, because the chances to have a forgotten/dangling with-scope is high in a normal Flash application,” he said. “So how come nobody encountered this bug before as a misbehavior of their app? E.G. by getting a wrong variable, etc. Apparently, the combination to cause this scenario accurately is not that high after all.”
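The failure mode described in the post can be modeled with a toy interpreter. This is an added illustration, not code from Adobe, the AVM or the researcher's post: the `Interp` class, its opcodes and the sample program are constructed for the example, and it models only the logic (a with-scope left in place after a caught exception changes what a name resolves to), not the AVM's memory layout.

```python
# Toy model (constructed; not AVM code): a tiny interpreter with a with-scope
# stack and try/catch, showing why the scope depth must be restored on catch.

class ScriptError(Exception):
    pass

class Interp:
    def __init__(self, globals_, reset_on_catch):
        self.globals = globals_
        self.with_scopes = []          # innermost with-object is last
        self.reset_on_catch = reset_on_catch

    def lookup(self, name):
        # Name resolution walks with-scopes innermost first, then globals.
        for obj in reversed(self.with_scopes):
            if name in obj:
                return obj[name]
        return self.globals[name]

    def run(self, ops):
        for op in ops:
            kind = op[0]
            if kind == "with":            # ("with", obj, body)
                self.with_scopes.append(op[1])
                self.run(op[2])           # a throw in the body skips the pop
                self.with_scopes.pop()
            elif kind == "throw":
                raise ScriptError()
            elif kind == "try":           # ("try", body, handler)
                depth = len(self.with_scopes)
                try:
                    self.run(op[1])
                except ScriptError:
                    if self.reset_on_catch:
                        # Fix: unwind with-scopes to the depth at try entry.
                        del self.with_scopes[depth:]
                    self.run(op[2])
            elif kind == "read":          # ("read", name, out_list)
                op[2].append(self.lookup(op[1]))

def demo(reset_on_catch):
    out = []
    program = [
        ("try", [("with", {"x": "string-from-with-object"}, [("throw",)])], []),
        ("read", "x", out),               # the script expects the global integer x
    ]
    interp = Interp({"x": 42}, reset_on_catch)
    interp.run(program)
    return out[0], len(interp.with_scopes)
```

With `reset_on_catch=False` the read after the handler returns the string from the stale with-object instead of the integer global, which is the "wrong variable" symptom the researcher mentions; with `reset_on_catch=True` the scope stack is empty again and the global is returned.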

One of the best fixes could be removing Flash Player altogether, since Adobe is planning to end support for it by the end of 2020.
