Security updates for Flash Player on Windows, macOS, Linux, and Chrome OS were released by Adobe yesterday on Patch Tuesday. The vulnerabilities discovered were found in Flash Player 220.127.116.11, which had two bugs (CVE-2019-8070 & CVE-2019-8069), and were released with a priority level of two, and a DLL hijacking bug (CVE-2019-8076), which was released with a priority level three on Windows OS. The two flaws in Flash Player 18.104.22.168 are use-after-free issues that could have possibly allowed unauthorized users to execute arbitrary code on a targeted user’s machine. Researchers stated that they believed the execution of the vulnerabilities would have been a daunting task which is why they received a low priority rating. As for the DLL hijacking bug, if exploited, attackers would have access to the user’s system by executing arbitrary code through the Adobe Application Manager installer. “This vulnerability exclusively impacts the installer used with the Adobe Application Manager. CVE-2019-8076 does not impact the existing Application Manager, and there is no action for a customer running earlier versions,” stated the security advisory.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.