Adobe fixes critical security vulnerability in Flash Player

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,114
Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website.

Adobe states that hackers could exploit this vulnerability, tracked as CVE-2020-9746, by inserting malicious strings in HTTP responses when users visit a website.

"Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL."

When successfully exploited, the vulnerability could lead to a crash that allows the attacker to execute commands on a visitor's computer remotely. These commands would be executed under the security context of the user and would not have administrator privileges.

To resolve this vulnerability, users should install Adobe Flash Player 32.0.0.445 as soon as possible.
 

silversurfer

Is anyone here actually using Flash Player?
I guess nobody is using Adobe Flash Player as a standalone app anymore, but it's still included in Google Chrome & Microsoft Edge:
Affected are versions 32.0.0.433 and earlier of Adobe Flash Desktop Runtime (for Windows, macOS and Linux); Adobe Flash Player for Google Chrome (Windows, macOS, Linux and Chrome OS) and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Windows 10 and 8.1).
Source: Critical Flash Player Flaw Opens Adobe Users to RCE
 
