steven36 Posted March 14, 2018 Share Posted March 14, 2018 Adobe Flash Player, Connect, and Dreamweaver are the focus of this month's patch cycle. Adobe has patched a set of critical vulnerabilities which can lead to remote code execution, information leaks, and file deletion. On Tuesday, the tech giant's security advisory noted that the vulnerabilities impact Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver CC. Two vulnerabilities which relate to Flash, a use-after-free flaw (CVE-2018-4919) and type confusion bug (CVE-2018-4920), are critical vulnerabilities which impact Adobe Flash Player 28.0.0.161 and earlier on the Windows, Macintosh, Linux and Chrome OS platforms. Adobe says that successful exploitation may lead to arbitrary code execution in the context of current users. "This patch remediates two critical vulnerabilities and should be prioritized for workstation-type devices," said Jimmy Graham, Qualys Director of Product Management. "There are currently no active attacks against these vulnerabilities." Adobe also addressed two vulnerabilities in Adobe Connect. The first security flaw, CVE-2018-4923, is an OS Command Injection bug which can lead to arbitrary file deletion. The second vulnerability, CVE-2018-4921, is an error which causes unrestricted SWF file uploads and may lead to information disclosure. The final bug, CVE-2018-4924, is a critical OS Command Injection flaw in Adobe Dreamweaver CC. If successfully exploited, attackers can execute arbitrary code. Adobe thanked Yuki Chen of Qihoo 360 Vulcan Team working alongside the Chromium Vulnerability Rewards Program and independent researchers Rgod and Ciaran McNally for reporting the issues. The company recommends that users update their software versions immediately to stay protected. In February, Adobe addressed a total of 41 vulnerabilities across Adobe Acrobat and Reader. In total, 17 of which were considered critical security flaws and could be exploited by attackers to perform the remote execution of code. Source Link to comment Share on other sites More sharing options...
jiski Posted March 14, 2018 Share Posted March 14, 2018 Flash player is not good. I not use now. Link to comment Share on other sites More sharing options...
Mandy Posted March 17, 2018 Share Posted March 17, 2018 Its been long coming but they've been quiet over it hope it works Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.