Adobe Flash Player 2018 Update Tracker

Just like the 2015 and 2016 tracker  and 2017 trackers that are incredibly popular on this blog; I am providing the same information below for the year 2018.

I have created a new post to make the timeline easier to follow. As before it will be updated throughout the year with any details of the Flash vulnerabilities being exploited.

Thank you.

=======================

=======================
9th January: Adobe releases Flash Player v28.0.0.137 resolving 1x priority 2 CVE (defined).

6th February: Adobe releases Flash Player v28.0.0.161 resolving 2x priority 1 CVEs. Please see the timeline update for the 13th of April (below) for more information on how one of these vulnerabilities is now being exploited.

13th March: Adobe releases Flash Player v29.0.0.113 resolving 2x priority 2 CVEs.

10th April: Adobe releases Flash Player v29.0.0.140 resolving 6x priority 2 CVEs.

8th May 2018: Adobe releases Flash Player v29.0.0.171 resolving 1x priority 2 CVE.

=======================

Update: 10th January 2018: The timeline was updated to add the Adobe Flash Player update for January 2018. At the time of writing no exploits for the issue fixed by this update are known to be taking place.

Update: 13th February 2018: The timeline was updated to add the Adobe Flash Player update for February. One of these vulnerabilities CVE-2018-2878 is a zero day (defined) vulnerability being exploited in targeted attacks.

Update: 13th March 2018: The timeline was updated to add the Adobe Flash Player update for March. At the time of writing neither of the 2 vulnerabilities fixed are being exploited.

Update 1st April 2018: No further vulnerabilities within Flash Player were disclosed during the Pwn2Own 2018 competition.

Update 13th April 2018: The timeline was updated to add the Adobe Flash Player update for April. At the time of writing none of the 6 vulnerabilities fixed are being exploited.

Update 8th May 2018: The timeline was updated to add the Adobe Flash Player update for May. Similar to April; at the time of writing the resolved vulnerability is not being exploited.

CVE-2018-4878; the use after free (defined) vulnerability resolved by Adobe in February is now being used by the ThreadKit exploit key (defined) to send Microsoft Office documents exploiting this flaw. Please update Adobe Flash Player if you have it installed and do not open any document attached to an email you weren’t expecting. Further details are available in this news article.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s