Multiple vulnerabilities in Adobe Flash Player could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
This update addresses six memory corruption vulnerabilities and a use-after-free vulnerability that could lead to arbitrary code execution. An attacker could exploit these vulnerabilities by persuading a user to visit a web page that contains crafted Flash content. If successful, the attacker could execute arbitrary code on the targeted system, which the attacker could leverage for further attacks.
The following versions of Adobe Flash Player are vulnerable:
- Flash Player Desktop Runtime versions 188.8.131.52 and prior for Windows, Macintosh, and Linux
- Flash Player Desktop Runtime versions 184.108.40.206 and prior for Macintosh
- Flash Player for Google Chrome versions 220.127.116.11 and prior for Windows, Macintosh, Linux, and ChromeOS
- Flash Player for Microsoft Edge and Internet Explorer 11 versions 18.104.22.168 and prior for Windows 10 and Windows 8.1
Administrators are advised to apply the appropriate updates.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Administrators are advised to monitor affected systems.
Adobe has released a security bulletin at the following link: APSB17-15
Adobe has released software updates at the following links:
Red Hat has released multiple CVE statements and a security advisory for multiple bugs at the following link: RHSA-2017-1219
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later by using the yum tool.