Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

UPDATE 2/6: KB4074595 Security Update for Adobe Flash Player - Feb. 6

Security Advisory for Flash Player | APSA18-01

Bulletin ID

Date Published

Priority

APSA18-01

February 1, 2018

1

Summary

A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Affected Product Versions

Product

Version

Platform

Adobe Flash Player Desktop Runtime

28.0.0.137 and earlier versions

Windows, Macintosh

Adobe Flash Player for Google Chrome

28.0.0.137 and earlier versions

Windows, Macintosh, Linux and Chrome OS

Adobe Flash Player for Microsoft Edge and Internet Explorer 11

28.0.0.137 and earlier versions

Windows 10 and 8.1

Adobe Flash Player Desktop Runtime

28.0.0.137 and earlier versions

Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right- click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Mitigations

Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide.

Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Use-after-free

Remote Code Execution

Critical

CVE-2018-4878

Acknowledgments

Adobe would like to thank KrCERT/CC for reporting this issue and for working with Adobe to help protect our customers.
Click to expand...


Source: Adobe Security Advisory


:arrow:Latest Version of Adobe Flash Player - Windows 10 Forums
 
Last edited:
Click to expand...

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
You must log in or register to reply here.
Back
Top