https://www.theregister.co.uk/2018/11/20/adobe_flash_bug/
By Shaun Nichols
The Register
20 Nov 2018
Adobe has emitted software updates to address a critical vulnerability in
Flash Player for Windows, Mac, and Linux.
PC owners and admins will want to upgrade their copies of Flash to version
31.0.0.153 or later in order to get the patch – or just dump the damn
thing all together.
The November 20 security update addresses a single flaw, designated
CVE-2018-15981. It is a type confusion bug that can be exploited to
achieve remote code execution. Basically, an attacker could slip the
exploit code into a Flash .swf file, put it on a web page, and covertly
install malware on any vulnerable machine that visits the page.
Because Adobe does not maintain a fixed patching schedule for Flash
Player, this isn't technically considered an out-of-band band-aid.
However, the update does come just one week after Adobe pushed out a
handful of fixes for Patch Tuesday, including one for an information
disclosure vulnerability in Flash Player.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
