Windows 10: Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

  1. Brink's Avatar
    Posts : 32,988
    64-bit Windows 10 Pro build 18252
       03 Feb 2018 #1

    Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier


    UPDATE 2/6: KB4074595 Security Update for Adobe Flash Player - Feb. 6 - Windows 10 Forums

    Security Advisory for Flash Player | APSA18-01

    Bulletin ID Date Published Priority
    APSA18-01 February 1, 2018 1

    Summary

    A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

    Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

    Adobe will address this vulnerability in a release planned for the week of February 5.

    For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

    Affected Product Versions

    Product Version Platform
    Adobe Flash Player Desktop Runtime 28.0.0.137 and earlier versions Windows, Macintosh
    Adobe Flash Player for Google Chrome 28.0.0.137 and earlier versions Windows, Macintosh, Linux and Chrome OS
    Adobe Flash Player for Microsoft Edge and Internet Explorer 11 28.0.0.137 and earlier versions Windows 10 and 8.1
    Adobe Flash Player Desktop Runtime 28.0.0.137 and earlier versions Linux

    To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right- click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

    Mitigations

    Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide.

    Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

    Vulnerability details

    Vulnerability Category Vulnerability Impact Severity CVE Number
    Use-after-free Remote Code Execution Critical CVE-2018-4878

    Acknowledgments

    Adobe would like to thank KrCERT/CC for reporting this issue and for working with Adobe to help protect our customers.


    Source: Adobe Security Advisory


    Latest Version of Adobe Flash Player - Windows 10 Forums
    Last edited by Brink; 06 Feb 2018 at 22:54.
      My ComputersSystem Spec

  2. TairikuOkami's Avatar
    Posts : 3,408
    10.6 Home 1809 x64
       03 Feb 2018 #1

    Latest beta is 28.0.0.152, not sure if it is vulnerable though.
    Code:
    https://labs.adobe.com/downloads/flashplayer.html
      My ComputerSystem Spec

  3. Cliff S's Avatar
    Posts : 21,625
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       03 Feb 2018 #2

    Why don't those OneDeeTenTee's(1D10T's) just stop integrating that garbage with Win10?
      My ComputersSystem Spec

  4.    04 Feb 2018 #3

    Agreed. This is the version I have. Please let Flash Player die.
      My ComputerSystem Spec

  5.    05 Feb 2018 #4

    Go to chrome, in chrome://components/ and force the update of flash.
    Latest version is the 28.0.0.161
    Last edited by delijohn; 05 Feb 2018 at 03:50.
      My ComputerSystem Spec

  6. Brink's Avatar
    Posts : 32,988
    64-bit Windows 10 Pro build 18252
    Thread Starter
       06 Feb 2018 #5

    New Adobe Flash Player WHQL 28.0.0.161 is now officially available. :)

    Latest Version of Adobe Flash Player - Windows 10 Forums
      My ComputersSystem Spec

  7. ThrashZone's Avatar
    Posts : 3,824
    3-Win-7Prox64 2-Win10Prox64
       06 Feb 2018 #6

    Hi,
    Yeah got to love any updates to flash in 10
    MS always resets everything to default enabling everything again

    I forget what win-10 apps actually use this crapware beside "edge of the cliff" no pun intended @Cliff
      My ComputersSystem Spec

  8.    06 Feb 2018 #7

    I disable flash and only enable it site by site. Some sites like Disney require crapFlash.
      My ComputerSystem Spec

  9. Farvatten's Avatar
    Posts : 36
    Windows 10 Pro 64bit 1809 17763.1
       06 Feb 2018 #8

    KB4074595 - Flash v. 28.0.0.161 just arrived on WU

    Last edited by Brink; 06 Feb 2018 at 22:26. Reason: added link
      My ComputersSystem Spec


 

Related Threads
Adobe Flash Player in Browsers and Email
Hi,Adobe Flash Player comes with Win 10,I have it enabled but recently went onto an account to pay a bill online (using Edge browser) and it said I needed the latest version of Adobe Flash,Adobe site tells me Flash is built into Win 10. Internet ...
Adobe flash player in Software and Apps
I keep having problems with flash player...it stops functioning or the games go really really slow.. I searched my computer which is an Acer Aspire lV obviously windows 10 and I found lots of things to do with Flashplayer...it seems to me I have...
Solved Hackers are exploiting an unpatched Flash Player vulnerability in AntiVirus, Firewalls and System Security
A update for flash player was released today (5/12/16) Hackers are exploiting an unpatched Flash Player vulnerability, Adobe warns | PCWorld
adobe flash player in Software and Apps
flash player willnot turn on even though I followed adobes methology
Solved Adobe Flash Player. in Drivers and Hardware
There seems to be something wrong with the Adobe Flash Player download site. Adobe Flash Player Install for all versions Could some one else try it and see if they can find the download? All I see is a white screen.. 11154 -Chuck
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:42.
Find Us