Adobe Flash Player vulnerabilities and their subsequent patches are no surprise to us. Once again, Adobe has patched a critical Flash Player vulnerability that could result in remote code execution attacks. However, what matters this time is that the bug did not remain confidential to Adobe before the fix. Rather, the details were leaked to the public.
Type Confusion Flash Player Vulnerability Discovered
This week, Adobe patched a critical bug in its Flash Player that could allow an attacker to execute arbitrary code on target systems. Explaining the details of this Flash Player vulnerability, Adobe stated in its advisory,
"Successful exploitation could lead to arbitrary code execution in the context of the current user."
Assigned CVE-2018-15981, the patched vulnerability is a type confusion bug that could allow remote code execution attacks. An attacker could exploit the bug via a Flash file on any malicious or hacked website.
The vulnerability existed in Flash Player versions 220.127.116.11 and before, and affected the software for Windows, Linux, Chrome OS, and macOS.
Update Your Software ASAP!
Adobe has released the patch for this type confusion bug in Flash Player version 18.104.22.168. While the software will automatically update to the latest patched version, users should still make sure they are running the patched version as soon as possible. The reason users should patch quickly is a disclosure Adobe made while explaining the vulnerability, which states,
"Technical details about this vulnerability are publicly available."
This means hackers already know of this vulnerability and would perhaps try to exploit the bug in unpatched versions. Therefore, all users with unpatched Flash Player versions are extremely vulnerable to hacks.
At the moment, though, this is merely speculation. Yet, recalling how hackers exploited the unpatched Microsoft Word video feature vulnerability, the speculation seems legitimate.