Adobe addresses a critical security flaw in Adobe Flash Player

Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player that could be easily exploited by hackers.

Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player (CVE-2020-9746) that could be exploited by threat actors by tricking the victims into visiting a website.

Attackers could exploit this flaw by simply inserting malicious strings in HTTP responses while unaware users visit a website.

“Adobe has released security updates for Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.” reads the security advisory.

“Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.”

The exploitation of the flaw could lead to a crash that allows the remote attacker to execute commands on a visitor’s device. These commands would be executed under the security context of the current user and would not have administrator privileges.

Adobe has addressed the flaw with the release of Flash Player 32.0.0.445, Adobe users have to install it as soon as possible.

Don’t forget that starting on December 31st, 2020, Adobe will no longer distribute or provide updates for its Flash Player.

Experts believe that the move will reduce the risk of web attacks through the users’ browsers. Across the years, threat actors exploited multiple vulnerabilities in the Flash Player.

In June, Adobe has released security updates to address a critical vulnerability in Flash Player for Windows, macOS, Linux, and Chrome OS.

The issue, tracked as CVE-2020-9633, is a user after free vulnerability that could lead to arbitrary code execution in the context of the current user.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.