Security News > 2020 > October > Critical Flash Player Flaw Opens Adobe Users to RCE

Critical Flash Player Flaw Opens Adobe Users to RCE
2020-10-13 17:46

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.

Of note, Adobe announced in July 2017 that it plans to push Flash into an end-of-life state, meaning that it will no longer update or distribute Flash Player at the end of this year.

Flash Player has previously caused headaches for system admins over the past year, with Adobe warning of critical issues that could allow for arbitrary code execution in February and in June.

"For organizations that cannot remove Adobe Flash due to a business-critical function, it is recommended to mitigate the threat potential of these vulnerabilities by preventing Adobe Flash Player from running altogether via the killbit feature, set a Group Policy to turn off instantiation of Flash objects, or limit trust center settings prompting for active scripting elements," said Colyer.


News URL

https://threatpost.com/flash-player-flaw-adobe-rce/160034/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 105 47 824 1650 622 3143