Security updates for Flash Player on Windows, macOS, Linux, and Chrome OS were released by Adobe yesterday on Patch Tuesday. The vulnerabilities discovered were found in Flash Player 184.108.40.206, which had two bugs (CVE-2019-8070 & CVE-2019-8069), and were released with a priority level of two, and a DLL hijacking bug (CVE-2019-8076), which was released with a priority level three on Windows OS. The two flaws in Flash Player 220.127.116.11 are use-after-free issues that could have possibly allowed unauthorized users to execute arbitrary code on a targeted user’s machine. Researchers stated that they believed the execution of the vulnerabilities would have been a daunting task which is why they received a low priority rating. As for the DLL hijacking bug, if exploited, attackers would have access to the user’s system by executing arbitrary code through the Adobe Application Manager installer. “This vulnerability exclusively impacts the installer used with the Adobe Application Manager. CVE-2019-8076 does not impact the existing Application Manager, and there is no action for a customer running earlier versions,” stated the security advisory.
By: Dan McNemar It is not a new concept that criminals use the Darknet to