Adobe Patches Zero-Day Vulnerability in Flash Player

Quote:Adobe on Wednesday released several unscheduled fixes for Flash Player, including a critical vulnerability that it said is being exploited in the wild.

The critical vulnerability, You are not allowed to view links. Register or Login to view., is a use-after-free flaw enabling arbitrary code-execution in Flash.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS,” Adobe said in its release. “These updates address one critical vulnerability in Adobe
Flash Player and one important vulnerability in Adobe Flash Player installer. Successful exploitation could lead to arbitrary code-execution and privilege-escalation in the context of the current user respectively.”

The flaw was discovered by Chenming Xu and Ed Miles of Gigamon ATR.

Impacted is Adobe Flash Player Desktop Runtime, Adobe Flash Player for You are not allowed to view links. Register or Login to view.; Adobe Flash Player for Microsoft Edge and Internet Explorer 11; all for versions 31.0.0.153 and earlier. Adobe Flash Player Installer versions 31.0.0.108 and earlier is also affected.

Users of these impacted products can update to version 32.0.0.101, according to Adobe. Users of Adobe Flash Player Installer can update to version 31.0.0.122.

Source: You are not allowed to view links. Register or Login to view.