Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player (CVE-2020-9746) that could be exploited by threat actors by tricking the victims into visiting a website.
Attackers could exploit this flaw by simply inserting malicious strings in HTTP responses while unaware users visit a website.
“Adobe has released security updates for Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.” reads the security advisory.
“Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.”
The exploitation of the flaw could lead to a crash that allows the remote attacker to execute commands on a visitor’s device. These commands would be executed under the security context of the current user and would not have administrator privileges.
Adobe has addressed the flaw with the release of Flash Player 32.0.0.445, Adobe users have to install it as soon as possible.
Don’t forget that starting on December 31st, 2020, Adobe will no longer distribute or provide updates for its Flash Player.
Experts believe that the move will reduce the risk of web attacks through the users’ browsers. Across the years, threat actors exploited multiple vulnerabilities in the Flash Player.
In June, Adobe has released security updates to address a critical vulnerability in Flash Player for Windows, macOS, Linux, and Chrome OS.
The issue, tracked as CVE-2020-9633, is a user after free vulnerability that could lead to arbitrary code execution in the context of the current user.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Adobe)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.