Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent


Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as soon as possible.


The flaw affects Flash Player and earlier versions on Windows, macOS, Linux and Chrome OS, and details about it are already publicly available, the company warned.

About CVE-2018-15981

CVE-2018-15981 was discovered and publicly disclosed by researcher Gil Dabah last week.

“The interpreter code of the Action Script Virtual Machine (AVM) does not reset a with-scope pointer when an exception is caught, leading later to a type confusion bug, and eventually to a remote code execution,” he explained, then proceeded to detail how it can be triggered.

Read more…