
SANS Internet Storm Center - SANS ISC InfoSec Forums


Critical Vulnerability in Flash Player

Adobe released a patch for a critical vulnerability in Flash Player [1]. According to Adobe, details about the vulnerability have already been made public. Successful exploitation allows arbitrary code execution. Widespread exploitation may be imminent. This is particularly worrying ahead of the long weekend (in the US), with many IT shops running on a skeleton crew. Try to patch this before you head out on Wednesday, or maybe the weekend shift can take care of it.

Of course, over the weekend you may be asked to look at issues with relatives' systems. I recommend that you first apply all patches, including this one, then disable Flash. By patching first and disabling afterwards, you increase the chances that a patched version is installed once the user decides to re-enable Flash.

Google Chrome and Microsoft's Edge browser also need to be updated. Both include Flash by default and are vulnerable.

The vulnerability was originally described about a week ago in a post by Gil Dabah on the "Insanely Low Level" blog [2].

[1] https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
[2] https://www.ragestorm.net/blogs/?p=421

 

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute