Adobe Issues Out-of-Band Patch for Critical Flash Player Vulnerability (CVE-2018-15981)

Satnam Narang

Adobe has released an out-of-band patch for a critical Flash Player vulnerability. Users are encouraged to upgrade as soon as possible.

Background

On November 20, Adobe released APSB18-44, an out-of-band (OOB) security bulletin to address a zero day vulnerability in Adobe Flash Player versions 31.0.0.148 and earlier for Windows, macOS, Linux and Chrome OS.

This bulletin arrived seven days after Adobe released APSB18-39, it’s monthly security bulletin for November 2018. On the very same day, November 13, researcher Gil Dabah published a blog discussing his discovery of CVE-2018-15981.

It may not seem like a coincidence that both Adobe’s monthly security bulletin and the researcher’s blog were published on the same day. However, Dabah indicated it may just have been a coincidence after all in a tweet:

Vulnerability details

In his blog, Dabah shares details about CVE-2018-15981, a type confusion vulnerability in Adobe Flash Player. Specifically, the vulnerability exists in the interpreter code for Adobe’s ActionScript Virtual Machine (AVM). According to Dabah, the AVM’s interpreter “does not reset a with-scope pointer when an exception is caught” which leads to the type confusion and “eventually to a remote code execution.”

User interaction is required to exploit this vulnerability. An attacker would need to convince users to visit a malicious website, compromise a website or advertising network and inject malicious code.

For further technical details about the vulnerability, please visit Dabah’s blog.

Urgently required actions

Upgrade to the latest version of Flash Player for your respective operating system or web browser. Adobe has provided links in the solution section of their security bulletin.

If Adobe Flash is not a requirement in your network or on your devices, you may consider disabling it altogether.

Identifying affected systems

A list of Nessus plugins to identify this vulnerability will appear here as they’re released.

Get more information

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Nov 21, 2018

People also viewed

Customer Success Manager - ANZ

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Customer Success Sales
Your Role:Tenable has an immediate need for a Customer Success Manager who will be responsible for establishing and driving sales activities for our software products within a designated geography.Companies today are grappling with an ever expandi...

Finance & Investor Relations Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Finance Internships
Your Role:Tenable has a Finance and Investor Relations Intern opportunity for college students entering their senior year or actively enrolled in an MBA program. If you're looking for a chance to apply what you're learning in your degree program, ...

Field and Channel Marketing Manager, Nordics and Benelux

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Field & Channel Marketing Marketing
Your Role:Tenable seeks an experienced field and channel marketing manager to generate demand for Tenable products and solutions across our Scandinavia and Benelux territories.  The successful candidate will have demonstrated experience creating, ...

Senior Data Engineer

Dublin Ireland Campshires, Sir John Rogerson's Quay, Dublin, Ireland Research Engineering
Your Role:Data Engineers here are involved in designing, developing and maintaining systems for data analysis, transformation, modelling and visualisation. We work directly with the data scientists to develop cutting edge uses of the data we colle...

Technical Support Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Technical Support Technical Support
Your Role:Tenable is seeking a high energy, results oriented customer advocate capable of motivating an already exceptional support team to even higher levels of customer satisfaction. Our current global rating is over 93% satisfaction and we expe...

Cloud Security Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Security Internships
Your Role: The Cloud Security Intern will help the Tenable secure their use of cloud systems across the company.  The intern will develop, implement and monitor security solutions for cloud that assess risk, keep Tenable data safe and bake in secu...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.