Adobe flash player v32.0.0.101 released: fix the high-risk vulnerabilities
On December 05, Adobe officially released the Security updates available for Flash Player, which fixes two critical vulnerability (CVE-2018-15982 and CVE-2018-15983) in this products. Successful exploitation does allow arbitrary code execution and privilege escalation in the context of the current user respectively. Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.
Vulnerability Overview:
Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates resolve an information disclosure vulnerability in Adobe Flash Player 31.0.0.153 and earlier.
Affected version
| Product | Version | Platform |
| Adobe Flash Player Desktop Runtime | 31.0.0.153 and earlier versions | Windows, macOS and Linux |
| Adobe Flash Player for Google Chrome | 31.0.0.153 and earlier versions | Windows, macOS, Linux and Chrome OS |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 31.0.0.153 and earlier versions | Windows 10 and 8.1 |
| Adobe Flash Player Installer | 31.0.0.108 and earlier | Windows |
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Use after free | Arbitrary Code Execution | Critical | CVE-2018-15982 |
| Insecure Library Loading (DLL hijacking) | Privilege Escalation | Important | CVE-2018-15983 |
Solution
Adobe has released a new version to fix the above vulnerability; users should upgrade your software as soon as possible.
