Security News > 2020 > October > Critical Flash Player Flaw Opens Adobe Users to RCE
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.
Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.
Of note, Adobe announced in July 2017 that it plans to push Flash into an end-of-life state, meaning that it will no longer update or distribute Flash Player at the end of this year.
Flash Player has previously caused headaches for system admins over the past year, with Adobe warning of critical issues that could allow for arbitrary code execution in February and in June.
"For organizations that cannot remove Adobe Flash due to a business-critical function, it is recommended to mitigate the threat potential of these vulnerabilities by preventing Adobe Flash Player from running altogether via the killbit feature, set a Group Policy to turn off instantiation of Flash objects, or limit trust center settings prompting for active scripting elements," said Colyer.
News URL
https://threatpost.com/flash-player-flaw-adobe-rce/160034/
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)