Adobe Flash Player 2018 Update Tracker

Just like the 2015 and 2016 tracker  and 2017 trackers that are incredibly popular on this blog; I am providing the same information below for the year 2018.

I have created a new post to make the timeline easier to follow. As before it will be updated throughout the year with any details of the Flash vulnerabilities being exploited.

Thank you.

=======================

=======================
9th January: Adobe releases Flash Player v28.0.0.137 resolving 1x priority 2 CVE (defined).

6th February: Adobe releases Flash Player v28.0.0.161 resolving 2x priority 1 CVEs. Please see the timeline update for the 13th of April (below) for more information on how one of these vulnerabilities is now being exploited.

13th March: Adobe releases Flash Player v29.0.0.113 resolving 2x priority 2 CVEs.

10th April: Adobe releases Flash Player v29.0.0.140 resolving 6x priority 2 CVEs.

8th May 2018: Adobe releases Flash Player v29.0.0.171 resolving 1x priority 2 CVE.

7th June 2018: Adobe releases Flash Player v30.0.0.113 resolving 4x CVEs with an overall priority of 1.

10th July 2018: Adobe releases Flash Player v30.0.0.134 resolving 2x CVEs with an overall priority of 2.

14th August 2018: Adobe releases Flash Player v30.0.0.154 addressing 5x CVEs with an overall priority of 2.

11th September 2018: Adobe releases Flash Player v31.0.0.108 addressing 1x CVE with an overall priority of 2.

14th November 2018: Adobe releases Flash Player v31.0.0.148 addressing 1x priority 2 CVE.
=======================

Update: 10th January 2018: The timeline was updated to add the Adobe Flash Player update for January 2018. At the time of writing no exploits for the issue fixed by this update are known to be taking place.

Update: 13th February 2018: The timeline was updated to add the Adobe Flash Player update for February. One of these vulnerabilities CVE-2018-2878 is a zero day (defined) vulnerability being exploited in targeted attacks.

Update: 13th March 2018: The timeline was updated to add the Adobe Flash Player update for March. At the time of writing neither of the 2 vulnerabilities fixed are being exploited.

Update 1st April 2018: No further vulnerabilities within Flash Player were disclosed during the Pwn2Own 2018 competition.

Update 13th April 2018: The timeline was updated to add the Adobe Flash Player update for April. At the time of writing none of the 6 vulnerabilities fixed are being exploited.

Update 8th May 2018: The timeline was updated to add the Adobe Flash Player update for May. Similar to April; at the time of writing the resolved vulnerability is not being exploited.

CVE-2018-4878; the use after free (defined) vulnerability resolved by Adobe in February is now being used by the ThreadKit exploit key (defined) to send Microsoft Office documents exploiting this flaw. Please update Adobe Flash Player if you have it installed and do not open any document attached to an email you weren’t expecting. Further details are available in this news article.

Update: 12th June 2018: The timeline was updated to add the Adobe Flash Player update for June. This was released ahead of schedule on the 7th of June. This update resolved a zero day vulnerability (defined) CVE-2018-5002 which required little to no user interaction to trigger. Further details are available in my separate blog post.

Update: 27th July 2018: A US Senator has asked for 3 government agencies to cease using Adobe Flash by August 2019 in advance of the deadline set by Adobe for of the end of year 2020. The timeline was also updated to include the Adobe Flash Player update for July.

Update 23rd August 2018: The timeline was updated to add the Adobe Flash Player update for August. At the time of writing none of the 5 addressed vulnerabilities are being exploited.

Update 9th October 2018: The timeline was updated to add the Adobe Flash Player update for September (sorry for the delay). At the time of writing the addressed vulnerability is not being exploited. No updates for October 2018 have been issued.

Update 14th November 2018: The timeline was updated to add the Adobe Flash Player update for November. At the time of writing the addressed vulnerability is not being exploited. No updates for October 2018 were issued.

=======================

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.