The Broadband Guide
SG
search advanced

Adobe Patches Zero-Day Vulnerability in Flash Player

2018-12-06 14:30 by
Tags:

 

Adobe on Wednesday released several unscheduled fixes for Flash Player, including a critical vulnerability that it said is being exploited in the wild. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982. This attack is being named "Operation Poison Needles" and targeted the Russian FSBI "Polyclinic #2" medical clinic.

"Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS," Adobe said in its release. "These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer. Successful exploitation could lead to arbitrary code-execution and privilege-escalation in the context of the current user respectively."

CVE-2018-15982 is a use-after-free in the Flash's file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim's computer. Impacted are Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome; Adobe Flash Player for Microsoft Edge and Internet Explorer 11; all for versions 31.0.0.153 and earlier. Adobe Flash Player Installer versions 31.0.0.108 and earlier are also affected.

Users and admins are advised to test and install the patches as soon as possible.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About