20 November 18, 20:48
Quote:Adobe patched a critical vulnerability in Flash Player which could be exploited by potential attackers to trigger an arbitrary code execution condition within the context of the current user.
The Type Confusion security issue is present in Flash Player 31.0.0.148 and earlier releases, and it affects versions running on multiple platforms, from Windows and macOS to Linux and Chrome OS.
As detailed by the Common Weakness Enumeration platform, type confusion errors appear when "The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type."
Moreover, the CVE-2018-15981 vulnerability was rated by Adobe as a critical issue, "which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Given that successful exploitation of the security bug may result in system compromise and would allow adversaries to execute code without the user's knowledge, Flash Player users should update as soon as possible.
Source: https://news.softpedia.com/news/flash-pl...3887.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
