Users for all impacted platforms are urged to update to version 32.0.0.255.
Specifically impacted is Adobe Flash Player Desktop Runtime versions 32.0.0.238 and earlier (for Windows, macOS and Linux) Flash Player for Google Chrome versions 32.0.0.238 and earlier (for Windows, macOS, Linux and Chrome OS) and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.238 (for Windows 10 and 8.1).
The other bug would need to be paired with a sandbox escape to do the same,” he said.
Once the flaw is exploited, “an attacker could use CVE-2019-8069 to execute their code on a target system at the level of the logged on user. “This would be visiting a specially crafted webpage or opening a crafted file.” In order to exploit the flaws, “an attacker would need to get someone to view a specially crafted Flash file with an affected version of Flash,” Childs told Threatpost. Those two vulnerabilities include a use-after-free flaw (CVE-2019-8070) and a same origin method execution glitch (CVE-2019-8069), both of which could enable arbitrary code-execution in the context of the current user.ĭustin Childs, manager with Trend Micro’s Zero Day Initiative, told Threatpost that CVE-2019-8069 exists in the navigateToURL function (used to open a URL in a web browser or other application) in the ActionScript programming language for Flash Player. Meanwhile CVE-2019-8070 exists within the handling of objects in the PSDK namespace. Overall, as part of its September Security Bulletin, Adobe patched three vulnerabilities, including two critical-severity flaws in Flash Player and one “important” glitch in Adobe Application Manager. At this point, Adobe said that it is not aware of any exploits in the wild for any of the patched vulnerabilities.Īdobe’s Flash Player flaws are the most severe, both ranking critical in severity.
Only here, the installer interface has changed, the current package includes significantly more programs than its namesake Creative Suite 6, and the versions of the programs themselves are mostly fresher.Adobe has issued patches for critical vulnerabilities in Flash Player which, if exploited, could lead to arbitrary code execution. But, nevertheless, is in front of you! And it is assembled on the basis of a modern installer, manufactured by Adobe, the transition to which was made possible through joint efforts,Īdobe Master Collection CC 2020 is a collection of applications from the Creative Cloud 2020 line and a number of junior version programs combined by a single installer with the ability to select the installation path and the language of the installed programs.In terms of functionality, everything is very similar to the well-proven Adobe Master Collection CS6 in the past. Adobe Master Collection CC 2020 does not exist in nature, Adobe has never released it.