Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 28.0.0.161 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Two vulnerabilities which relate to Flash, a use-after-free flaw (CVE-2018-4919) and type confusion bug (CVE-2018-4920), are critical vulnerabilities which impact Adobe Flash Player 28.0.0.161 and earlier on the Windows, Macintosh, Linux, and Chrome OS platforms.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Use After Free | Remote Code Execution | Critical | CVE-2018-4919 |
Type Confusion | Remote Code Execution | Critical | CVE-2018-4920 |
Affected Product Versions
Product | Version | Platform |
Adobe Flash Player Desktop Runtime | 28.0.0.161 and earlier versions | Windows, Macintosh |
Adobe Flash Player for Google Chrome | 28.0.0.161 and earlier versions | Windows, Macintosh, Linux and Chrome OS |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 28.0.0.161 and earlier versions | Windows 10 and 8.1 |
Adobe Flash Player Desktop Runtime | 28.0.0.161 and earlier versions | Linux |
Solution
Product | Version | Platform | Priority | Availability |
Adobe Flash Player Desktop Runtime | 29.0.0.113 | Windows, Macintosh | 2 | Flash Player Download Center |
Adobe Flash Player for Google Chrome | 29.0.0.113 | Windows, Macintosh, Linux and Chrome OS | 2 | Google Chrome Releases |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 29.0.0.113 | Windows 10 and 8.1 | 2 | Microsoft Security Advisory |
Adobe Flash Player Desktop Runtime | 29.0.0.113 | Linux | 3 | Flash Player Download Center |