Adobe issues patch for a Flash Player vulnerability that could lead to an arbitrary code execution on targeted systems.
Adobe released a patch for a critical flaw on Tuesday that leaves its Flash Player vulnerable to arbitrary code execution by an adversary. Affected are versions of the Flash Player running on Windows, macOS, Linux and Chrome OS.
In tandem, a Microsoft Security Advisory was also issued for the bug (CVE-2018-15981) on Tuesday.
The bug is a type “confusion” vulnerability, which is a common attack technique used against Adobe’s ActionScript Virtual Machine. “Usually, when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,” according to a Microsoft description of the bug.