Security updates for Flash Player on Windows, macOS, Linux, and Chrome OS were released by Adobe yesterday on Patch Tuesday. The vulnerabilities discovered were found in Flash Player 18.104.22.168, which had two bugs (CVE-2019-8070 & CVE-2019-8069), and were released with a priority level of two, and a DLL hijacking bug (CVE-2019-8076), which was released with a priority level three on Windows OS. The two flaws in Flash Player 22.214.171.124 are use-after-free issues that could have possibly allowed unauthorized users to execute arbitrary code on a targeted user’s machine. Researchers stated that they believed the execution of the vulnerabilities would have been a daunting task which is why they received a low priority rating. As for the DLL hijacking bug, if exploited, attackers would have access to the user’s system by executing arbitrary code through the Adobe Application Manager installer. “This vulnerability exclusively impacts the installer used with the Adobe Application Manager. CVE-2019-8076 does not impact the existing Application Manager, and there is no action for a customer running earlier versions,” stated the security advisory.
As for any vulnerability, users should always download or install patches as soon as they are released. The longer they wait, the more susceptible they become to attacks that will put their information and system at risk.