Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier



    Posted: 03 Feb 2018
    Security Advisory for Flash Player | APSA18-01

    Bulletin ID: APSA18-01

    Date Published: February 1, 2018

    Priority: 1

    Summary

    A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

    Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

    Adobe will address this vulnerability in a release planned for the week of February 5.

    For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

    Affected Product Versions

    Product: Adobe Flash Player Desktop Runtime
    Version: 28.0.0.137 and earlier versions
    Platform: Windows, Macintosh

    Product: Adobe Flash Player for Google Chrome
    Version: 28.0.0.137 and earlier versions
    Platform: Windows, Macintosh, Linux and Chrome OS

    Product: Adobe Flash Player for Microsoft Edge and Internet Explorer 11
    Version: 28.0.0.137 and earlier versions
    Platform: Windows 10 and 8.1

    Product: Adobe Flash Player Desktop Runtime
    Version: 28.0.0.137 and earlier versions
    Platform: Linux

    To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

    Mitigations

    Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide.

    Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

    Vulnerability details

    Vulnerability Category: Use-after-free

    Vulnerability Impact: Remote Code Execution

    Severity: Critical

    CVE Number: CVE-2018-4878


    Acknowledgments

    Adobe would like to thank KrCERT/CC for reporting this issue and for working with Adobe to help protect our customers.


    Source: Adobe Security Advisory


    Latest Version of Adobe Flash Player - Windows 10 Forums
    Posted By: Brink
    03 Feb 2018
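
    An added example, not part of the advisory or the thread: a PowerShell inventory of Flash Player binaries that flags any at or below 28.0.0.137, the last affected version named in APSA18-01. This automates the advisory's per-browser version check. The search paths are assumed typical install locations, the function names are hypothetical, and PowerShell 5.1 is assumed.

```powershell
# Added example: inventory Flash Player binaries and flag APSA18-01 exposure.
# The affected range comes from the advisory: 28.0.0.137 and earlier.
$LastAffected = [version]'28.0.0.137'

# Assumed typical install locations; adjust for your environment.
$SearchRoots = @(
    "$env:windir\System32\Macromed\Flash",                    # ActiveX / NPAPI, native bitness
    "$env:windir\SysWOW64\Macromed\Flash",                    # 32-bit copies on 64-bit Windows
    "$env:LOCALAPPDATA\Google\Chrome\User Data\PepperFlash"   # Chrome PPAPI component
)

function Test-FlashAffected {
    param([Parameter(Mandatory)][version]$Version)
    # "and earlier" means anything less than or equal to the last affected build.
    return $Version -le $LastAffected
}

function Get-FlashBinary {
    param([string[]]$Roots = $SearchRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.ocx', '.dll' } |
            ForEach-Object {
                $vi = $_.VersionInfo
                # Skip files without a version resource instead of reporting 0.0.0.0.
                if (-not $vi.FileVersion) { return }
                # Build the version from its numeric parts: the FileVersion string
                # may be comma-separated ("28,0,0,137") and would not parse directly.
                $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                      $vi.FileBuildPart, $vi.FilePrivatePart)
                [pscustomobject]@{
                    Path     = $_.FullName
                    Version  = $ver
                    Affected = Test-FlashAffected -Version $ver
                }
            }
    }
}

$found = @(Get-FlashBinary)
if ($found.Count -eq 0) {
    'No Flash Player binaries found in the searched locations.'
} else {
    $found | Sort-Object Affected -Descending | Format-Table -AutoSize
}
```

    Run it once per user profile of interest, since the Chrome component path is per-user.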



  1. Posts : 9,746
    Windows 7 Home Premium 64 bit sp1
       #1

    I looked for the Adobe Flash player update in Browsers & Mail, where it usually is & was surprised there was no mention. So I clicked on Brink's link to Windows 10 Forums & then clicked on the link to "Adobe Flash Player - Downloads" & downloaded & installed Adobe Flash Player version 28.0.0.137 for IE11 & for Chrome & Opera to suit the browsers I use.


  2. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #2

    Ranger4 said:
    I looked for the Adobe Flash player update in Browsers & Mail, where it usually is & was surprised there was no mention. So I clicked on Brink's link to Windows 10 Forums & then clicked on the link to "Adobe Flash Player - Downloads" & downloaded & installed Adobe Flash Player version 28.0.0.137 for IE11 & for Chrome & Opera to suit the browsers I use.
    Adobe Flash Player v28.0.0.137 has the vulnerability.
    A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.
    https://helpx.adobe.com/security/pro...apsa18-01.html
    They haven't released a fixed version yet.


  3. Posts : 9,746
    Windows 7 Home Premium 64 bit sp1
       #3

    Thanks for that & I stand corrected, my mistake.

    Hopefully a fix will come through very soon.


  4. Posts : 13
    Windows 7 Professional x64
       #4

    Any effect on Firefox 57+ ?

    Thanks,
    Lenms


  5. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #5

    Lenms said:
    Any effect on Firefox 57+ ?
    You'll potentially be vulnerable to the Flash issue if you have Flash installed. :)

    Script Blockers may protect you by blocking Flash, but if you enable Flash "all bets are off".


  6. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #6

    I had the checkmark next to Block dangerous and intrusive Flash content checked and set to always ask but since this newest security hole I've set it to never activate.

    • FF v58.0.1 Tools >Options >Plugins



  7. Posts : 1,491
    Win7 Pro-64 Bit
       #7

    Version 28.0.0.161 Available

    Offline installers

    IE: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

    Firefox: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe


  8. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #8

    Thanks BrightBlessings,

    I'll keep updating just in case there's a site that hasn't changed over to HTML5, Canvas and CSS3, but I'm going to leave them both deactivated. I'm finding more and more that I don't need flash.

    btw..Check your settings for add-ons. The update changed my never activate to ask to activate.


  9. Posts : 72,036
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #9

    New Adobe Flash Player WHQL 28.0.0.161 is now officially available. :)

    Latest Version of Adobe Flash Player - Windows 7 Help Forums


 