Adobe Addresses Critical Vulnerability CVE-2018-15982 in Flash Player as Report of an Exploit Makes Rounds

Adobe security bulletin just announced the release of a critical security update for its Flash Player. This recent update addresses a critical vulnerability CVE-2018-15982 in the Adobe Flash Player and another one in Adobe Flash Player installer. In case of successful exploitation, it could lead to Arbitrary Code Execution and privilege escalation in current user context respectively.

This new security update is particularly significant as reports have been making rounds regarding an exploit for this vulnerability existing in the wild. Adobe has also acknowledged the existence of this exploit. The security update caters for Adobe Flash Player for macOS, Windows, Linux and Chrome OS.

Affected Product Versions

ProductVersionPlatform
Adobe Flash Player Desktop Runtime31.0.0.153 and earlier versionsWindows, macOS and Linux
Adobe Flash Player for Google Chrome31.0.0.153 and earlier versionsWindows, macOS, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 1131.0.0.153 and earlier versionsWindows 10 and 8.1
Adobe Flash Player Installer31.0.0.108 and earlierWindows

Solution

Adobe has given the following priority ratings to these updates and has recommended that the users update their installation to the latest version:

ProductVersionPlatformPriorityAvailability
Adobe Flash Player Desktop Runtime32.0.0.101Windows, macOS1Flash Player Download Center

Flash Player Distribution

Adobe Flash Player for Google Chrome32.0.0.101Windows, macOS, Linux, and Chrome OS1Google Chrome Releases
Adobe Flash Player for Microsoft Edge and Internet Explorer 1132.0.0.101Windows 10 and 8.11Microsoft Security Advisory
Adobe Flash Player Desktop Runtime32.0.0.101Linux3Flash Player Download Center
Adobe Flash Player Installer31.0.0.122Windows2Flash Player Download Center

Flash Player Distribution

Adobe Flash Player that has been installed with Google Chrome, Internet Explorer 11 for Windows 8.1 and 10 and Microsoft Edge will be updated automatically to its latest version. However, users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.


Tags

Maira Ahmed


Maira is a system analyst for the last 10 years. She likes to explore, experience and understand new technologies shaping the future. She was a key member of the MUM "Mera Urdu Messenger"s (R&D) team, the first ever Urdu messenger released by CRI in the 90s.
Close