TTCSIRT-108.041318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player, the most severe of which could allow for remote code execution.

Details are as follows:

a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932)

b) Multiple remote code-execution vulnerabilities that occur due to an out-of-bounds write error – (CVE-2018-4935, CVE-2018-4937)

c) Multiple information-disclosure vulnerabilities that occur due to an out-of-bounds read error – (CVE-2018-4933, CVE-2018-4934)

d) An information-disclosure vulnerability that occurs due to a heap overflow condition – (CVE-2018-4936)

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-flash-player-could-allow-for-remote-code-execution-apsb18-08_2018-039/