The CVE-2018-15981 vulnerability was discovered by researcher Gil Dabah in Israel. It is deemed serious and carries a priority rating of '1'. Because the risk of exploitation is high, users are advised to install the update as soon as possible.
Flash Player Security Update: Patching Code Execution Vulnerabilities
After receiving the report, Adobe promptly released a Flash Player patch for Windows, macOS, Linux, and Chrome OS: version 31.0.0.153, released last Tuesday. Versions 31.0.0.148 and earlier were identified as affected. Additionally, the company disclosed technical details of these vulnerabilities to users.
In a blog post on November 13, security researcher Dabah shared his decision to publicly disclose his findings before Adobe released patches to users. On November 15, Adobe responded that they were also preparing to release an update for Flash Player to fix the code execution vulnerability.
As explained by Dabah in his blog post: 'The Action Script Virtual Machine's (AVM) interpreter does not reset the scope pointer when an exception is caught, leading to confusion errors and ultimately remote code execution.'
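A toy model of the bug class Dabah describes, added here as an example; it is not Adobe's or Dabah's code. The miniature stack machine and its opcodes (`pushscope`, `throw`, `getscope`) are hypothetical, and the model assumes the handler is type-checked as if the scope stack were empty on entry, which the page does not state.

```python
# Toy stack machine, constructed for illustration; it is not AVM code or bytecode.
class Thrown(Exception):
    """Raised by the toy 'throw' opcode."""

def execute(code, scopes):
    """Interpret `code` against the scope stack; return the last 'getscope' value."""
    result = None
    for op, arg in code:
        if op == "pushscope":
            scopes.append(arg)
        elif op == "throw":
            raise Thrown(arg)
        elif op == "getscope":          # read slot `arg`, counted from the bottom
            result = scopes[arg]
    return result

def static_type(handler):
    """Type a verifier would infer for the handler's last 'getscope', assuming the
    scope stack is empty on handler entry (an assumption of this model)."""
    return type(execute(handler, [])).__name__

def run(try_body, handler, reset_on_catch):
    """Run try_body; on a throw, run handler. Returns (static type, runtime type)."""
    scopes = []
    entry_depth = len(scopes)           # scope depth when the try region is entered
    try:
        value = execute(try_body, scopes)
    except Thrown:
        if reset_on_catch:              # fixed behaviour: unwind to the entry depth
            del scopes[entry_depth:]
        value = execute(handler, scopes)  # without the reset, stale scopes remain
    return static_type(handler), type(value).__name__

# Constructed sample programs: the try body pushes an int scope, then throws.
TRY_BODY = [("pushscope", 1234), ("throw", "boom")]
HANDLER = [("pushscope", {"name": "handler scope"}), ("getscope", 0)]

if __name__ == "__main__":
    for reset in (False, True):
        expected, actual = run(TRY_BODY, HANDLER, reset_on_catch=reset)
        status = "ok" if expected == actual else "TYPE CONFUSION"
        print(f"reset_on_catch={reset}: verifier expects {expected}, "
              f"interpreter yields {actual} -> {status}")
```

Without the reset, the handler's slot 0 still holds the scope pushed inside the try body, so the value it reads has a different type from the one it was checked against.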
This is the second vulnerability disclosed and patched by Adobe this month. The November 2018 Patch Tuesday update for Flash Player included patches for vulnerabilities that could lead to leaks of NTLM password hashes. Check Point discovered and reported this vulnerability back in April. Shortly after, Adobe released patches; however, EdgeSpot recently discovered that the original patches may be bypassed.
Adobe Flash Player is no longer as widely used as it once was, due to its sluggishness, its numerous vulnerabilities, and the gradual transition to HTML5. If you feel that the player is not truly necessary, you can remove Adobe Flash Player from the Chrome, Coc Coc, and Firefox browsers to help your device perform better and be safer.
