Adobe Patches Flash Flaw

Wednesday, May 9, 2018 @ 01:05 PM gHale

Adobe patched flaws this month in Flash Player, Creative Cloud and Connect products.

One issue ended up fixed in Flash Player with the release of version 29.0.0.171 for Windows, Mac, Linux and Chrome OS.

RELATED STORIES
Adobe Patches Vulnerabilities
Adobe Releases Security Patches
Adobe Patches Acrobat, Reader, Experience Manager
Microsoft Fixes 50 Vulnerabilities

The hole affects Flash Player 29.0.0.140 and earlier versions.

The flaw is a critical type confusion that allows arbitrary code execution (CVE-2018-4944). Adobe, however, assigned it a severity rating of “2,” which indicates that exploits are not considered imminent and there is no rush to install the update.

Three security holes have been patched by Adobe in Creative Cloud desktop applications for Windows and macOS.

Version 4.4.1.298 and earlier of the apps suffer from an improper input validation issue that can lead to privilege escalation, an improper certificate validation problem that can lead to a security bypass, and a flaw described as an “unquoted search path” that can end up leveraged for privilege escalation.

The certificate validation vulnerability is “critical,” while the other two issues have been rated “important.” All of them have a priority rating of “2.”



Leave a Reply

You must be logged in to post a comment.