14 DAY TRIAL // Adobe patched a critical vulnerability in Flash Player which could be exploited by potential attackers to trigger an arbitrary code execution condition within the context of the current user.
The Type Confusion security issue is present in Flash Player 31.0.0.148 and earlier releases, and it affects versions running on multiple platforms, from Windows and macOS to Linux and Chrome OS.
As detailed by the Common Weakness Enumeration platform, type confusion errors appear when "The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type."
Moreover, the CVE-2018-15981 vulnerability was rated by Adobe as a critical issue, "which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Given that successful exploitation of the security bug may result in system compromise and would allow adversaries to execute code without the user's knowledge, Flash Player users should update as soon as possible.
Windows and macOS users are advised to update immediately
The bug is caused by a type confusion error triggered when processing maliciously crafted .swf files which might enable adversaries to execute arbitrary code on the targeted system with the system privileges of the current user.
Adobe rated this type confusion security issue Priority 1 for Windows and macOS considering that these two platforms are high risk and have been long known to be targeted by exploits found in the wild.
Moreover, Adobe advises all Windows and macOS users who have Flash Player installed on their computers to update to the 31.0.0.153 version as soon as possible to mitigate the increased risks.
According to Adobe, Linux users can update their Flash Player installation at their discretion seeing that "This update resolves vulnerabilities in a product that has historically not been a target for attackers."