Adobe has released a security advisory (APSA18-01) for Adobe Flash Player, confirming a critical security vulnerability (original…) present in Flash Player version 28.0.0.137 and in earlier versions.
Flash Player 28.0.0.137 is the latest version of the application, which means that all installed versions of Flash are affected by the vulnerability.
Affected products:
Adobe Flash Player Desktop Runtime on Windows, Linux and Mac platforms.
Adobe Flash Player for Google Chrome on Windows, Mac, Linux, and Chrome OS platforms.
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 8.1 and 10.
Adobe plans to release an update for Flash Player next week, which is supposed to cover the security gaps.
The company confirmed that the vulnerability can be exploited on Windows through Office documents that have embedded malicious Flash content. Of course, these documents are distributed via e-mail.
Adobe reports that the vulnerability, CVE-2018-4878, is already being used in limited and targeted attacks against Windows users.
Adobe also states that anyone who wants to be protected should use Protected View, so that Office documents open read-only. This is done from File - Options, by activating the Protected View options under Trust Center - Trust Center Settings - Protected View.
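To confirm the Protected View options described above are actually in effect on a machine, the following added example (not part of Adobe's advisory or the original article) audits them from PowerShell. It assumes Office 2016 or later (registry version key 16.0) and the per-user registry locations and value names shown in the comments.

```powershell
# Added example: audit the Protected View switches for Word, Excel and PowerPoint.
# Assumption: Office 2016 or later (version key 16.0), per-user (HKCU) settings.
$apps = 'Word', 'Excel', 'PowerPoint'

# Value names as Office writes them ("Attachements" is Office's own spelling).
$values = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the Internet'
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
    DisableAttachementsInPV    = 'Outlook attachments'
}

# A Group Policy value (Policies hive) overrides the user's Trust Center choice,
# so it is checked first.
$roots = 'HKCU:\Software\Policies\Microsoft\Office\16.0',
         'HKCU:\Software\Microsoft\Office\16.0'

function Get-ProtectedViewState {
    foreach ($app in $apps) {
        foreach ($name in $values.Keys) {
            # When no value is set, Protected View is on for that category.
            $state  = 'Enabled (default)'
            $source = 'not set'
            foreach ($root in $roots) {
                $key  = Join-Path $root "$app\Security\ProtectedView"
                $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $item) {
                    # 1 means Protected View is switched off for this category.
                    $state  = if ($item.$name -eq 1) { 'DISABLED' } else { 'Enabled' }
                    $source = $key
                    break
                }
            }
            [pscustomobject]@{
                App      = $app
                Category = $values[$name]
                State    = $state
                Source   = $source
            }
        }
    }
}

$report = Get-ProtectedViewState
$report | Format-Table -AutoSize
if ($report.State -contains 'DISABLED') {
    Write-Warning 'Protected View is disabled for at least one category; re-enable it in the Trust Center.'
}
```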
Anyone who uses Flash would do well to turn it off in the browser: the attacks observed so far may come through Office documents, but this does not mean that they will not develop into attacks that can be carried out through the web.
Patience, it is only a matter of time: universal disabling of Adobe Flash from all web applications is coming.