Adobe Patch Tuesday update fixes confusion flaw in Flash

A patch released Tuesday by Adobe fixes a critical confusion vulnerability, CVE-2018-4944, found in all Flash Player versions up to 29.0.0.140.

A confusion vulnerability, which means the application isn't properly inspecting data it gets from other applications, “can allow for arbitrary code execution, as is the case with this vulnerability,” said Allan Liska, threat intelligence analyst at Recorded Future. “This means an attacker can use the vulnerability to execute remote code, usually a loader of some sort, on the victim's machine.”

While Adobe resolved only one CVE, “it is rated as Critical,” said Gill Langston, director of product management, patching, at Qualys. “Flash Player is still a high profile target on end user systems. It is always recommended as a high priority.”

The company urged users to upgrade to Adobe Flash Player 29.0.0.171.

 
