Adobe flash player v32.0.0.101 released: fix the high-risk vulnerabilities

On December 05, Adobe officially released the Security updates available for Flash Player, which fixes two critical vulnerability (CVE-2018-15982  and CVE-2018-15983) in this products. Successful exploitation does allow arbitrary code execution and privilege escalation in the context of the current user respectively. Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.

Adobe November Security Update

Vulnerability Overview:

Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates resolve an information disclosure vulnerability in Adobe Flash Player 31.0.0.153 and earlier.

Affected version

Product Version Platform
Adobe Flash Player Desktop Runtime 31.0.0.153 and earlier versions Windows, macOS and Linux
Adobe Flash Player for Google Chrome 31.0.0.153 and earlier versions Windows, macOS, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 31.0.0.153 and earlier versions Windows 10 and 8.1
Adobe Flash Player Installer 31.0.0.108 and earlier Windows

 

Vulnerability Category Vulnerability Impact Severity CVE Number
Use after free Arbitrary Code Execution Critical CVE-2018-15982
Insecure Library Loading (DLL hijacking) Privilege Escalation Important CVE-2018-15983

Solution

Adobe has released a new version to fix the above vulnerability; users should upgrade your software as soon as possible.