On December 05, Adobe officially released the Security updates available for Flash Player, which fixes two critical vulnerability (CVE-2018-15982 and CVE-2018-15983) in this products. Successful exploitation does allow arbitrary code execution and privilege escalation in the context of the current user respectively. Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.
Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates resolve an information disclosure vulnerability in Adobe Flash Player 188.8.131.52 and earlier.
|Adobe Flash Player Desktop Runtime||184.108.40.206 and earlier versions||Windows, macOS and Linux|
|Adobe Flash Player for Google Chrome||220.127.116.11 and earlier versions||Windows, macOS, Linux and Chrome OS|
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||18.104.22.168 and earlier versions||Windows 10 and 8.1|
|Adobe Flash Player Installer||22.214.171.124 and earlier||Windows|
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Use after free||Arbitrary Code Execution||Critical||CVE-2018-15982|
|Insecure Library Loading (DLL hijacking)||Privilege Escalation||Important||CVE-2018-15983|
Adobe has released a new version to fix the above vulnerability; users should upgrade your software as soon as possible.