Adobe security bulletin just announced the release of a critical security update for its Flash Player. This recent update addresses a critical vulnerability CVE-2018-15982 in the Adobe Flash Player and another one in Adobe Flash Player installer. In case of successful exploitation, it could lead to Arbitrary Code Execution and privilege escalation in current user context respectively.
This new security update is particularly significant as reports have been making rounds regarding an exploit for this vulnerability existing in the wild. Adobe has also acknowledged the existence of this exploit. The security update caters for Adobe Flash Player for macOS, Windows, Linux and Chrome OS.
Affected Product Versions
|Adobe Flash Player Desktop Runtime||184.108.40.206 and earlier versions||Windows, macOS and Linux|
|Adobe Flash Player for Google Chrome||220.127.116.11 and earlier versions||Windows, macOS, Linux and Chrome OS|
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||18.104.22.168 and earlier versions||Windows 10 and 8.1|
|Adobe Flash Player Installer||22.214.171.124 and earlier||Windows|
Adobe has given the following priority ratings to these updates and has recommended that the users update their installation to the latest version:
|Adobe Flash Player Desktop Runtime||126.96.36.199||Windows, macOS||1||Flash Player Download Center|
|Adobe Flash Player for Google Chrome||188.8.131.52||Windows, macOS, Linux, and Chrome OS||1||Google Chrome Releases|
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||184.108.40.206||Windows 10 and 8.1||1||Microsoft Security Advisory|
|Adobe Flash Player Desktop Runtime||220.127.116.11||Linux||3||Flash Player Download Center|
|Adobe Flash Player Installer||18.104.22.168||Windows||2||Flash Player Download Center|
Adobe Flash Player that has been installed with Google Chrome, Internet Explorer 11 for Windows 8.1 and 10 and Microsoft Edge will be updated automatically to its latest version. However, users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.