Security News > 2020 > October > Critical Flash Player Flaw Opens Adobe Users to RCE
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.
Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.
Of note, Adobe announced in July 2017 that it plans to push Flash into an end-of-life state, meaning that it will no longer update or distribute Flash Player at the end of this year.
Flash Player has previously caused headaches for system admins over the past year, with Adobe warning of critical issues that could allow for arbitrary code execution in February and in June.
"For organizations that cannot remove Adobe Flash due to a business-critical function, it is recommended to mitigate the threat potential of these vulnerabilities by preventing Adobe Flash Player from running altogether via the killbit feature, set a Group Policy to turn off instantiation of Flash objects, or limit trust center settings prompting for active scripting elements," said Colyer.
News URL
https://threatpost.com/flash-player-flaw-adobe-rce/160034/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)