Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update (APSB18-19) addresses two critical and two important vulnerabilities in Adobe Flash Player 18.104.22.168 and earlier versions.
Successful exploitation could lead to arbitrary code execution in the context of the current user.
Adobe said they are aware of exploits in the wild of one of the critical ‘stack-based buffer overflow’ vulnerabilities (CVE-2018-5002) that could result in arbitrary code execution.
Limited attacks against Windows users, such as those in Middle East, leverage Office docs with embedded malicious Flash Player content sent via phishing emails.