Adobe Releases Out of Band Zero Day Update

Earlier today Adobe released an out of band (un-scheduled) update for Flash Player to resolve 2x critical CVEs (defined) and 2x Important CVEs. One of these designated CVE-2018-5002 is a zero day (defined) vulnerability under active attack which originate from Microsoft Office documents with embedded Flash content. The exploits are said to trigger with little to no user interaction.

While Adobe confirmed the attacks are limited and targeted in nature, they are thought to target users in the Middle East.

This Flash Player update also adds a dialog box which prompts user when viewing an Office document if they wish to load Flash Player content.

If you use Adobe Flash Player, please install the update as soon as possible using the steps provided within Adobe’s security bulletin. Google and Microsoft will make available updates for their browsers very shortly.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.