
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-11-21



Critical Vulnerability in Flash Player

Published: 2018-11-21
Last Updated: 2018-11-21 00:39:04 UTC
by Johannes Ullrich (Version: 1)

Adobe released a patch for a critical vulnerability in Flash Player [1]. According to Adobe, details about the vulnerability have already been made public. Successful exploitation allows arbitrary code execution. Widespread exploitation may be imminent. This is, of course, particularly worrying ahead of the long weekend (in the US), with many IT shops running on a skeleton crew. Try to patch this before you head out on Wednesday, or maybe the weekend shift can take care of it.

Of course, over the weekend you may be asked to look at issues with relatives' systems. I recommend that you first apply all patches, including this one, then disable Flash. By first patching, and later disabling, you increase your chances of a patched version being installed once the user decides to re-enable Flash.

Google Chrome and Microsoft's Edge browser also need to be updated. Both include Flash by default and are vulnerable.

The vulnerability was originally described about a week ago in a post by Gil Dabah on the "Insanely Low Level" blog [2].

[1] https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
[2] https://www.ragestorm.net/blogs/?p=421

 

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute