[German]On April 10, 2018, Adobe released a security update for its Flash player (just in time for patchday). This update updates the Flash Player to version 29.0.0.140.

Adobe Flash Player Plugin Disclaimer: This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided 'As Is' without warranty of any kind. Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. View Analysis Description. The Adobe Flash Player is freeware software for viewing multimedia, executing Rich Internet Applications, and streaming video and audio, content created on the Adobe Flash platform. Notes This package is only for Windows XP to Windows 7, because Windows 8 already contains an integrated Flash Player for Internet Explorer. Adobe Flash Player ) New! Plugin Severity Now Using CVSS v3. The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Advertising

Adobe Security Bulletin APSB18-08 shows a priority of 2 for this update. The Release Notes mentions the new update contains important bug fixes (for macOS and in settings panel), and security updates. [Addendum: Bleeping Computer has more details here: 6 security flaws are patched.] Affected are the following flash versions.

ProductVersionPlatform
Adobe Flash Player Desktop Runtime29.0.0.113 and earlier versionsWindows, Macintosh
Adobe Flash Player for Google Chrome29.0.0.113 and earlier versionsWindows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 1129.0.0.113 and earlier versionsWindows 10 and 8.1
Adobe Flash Player Desktop Runtime29.0.0.113 and earlier versionsLinux

Adobe Flash Player 29.0.0.140 is available for Windows, Macintosh, Linux and Chrome OS platforms. If you have activated the auto-update function of the Flash Player and installed the player separately, you should receive this update automatically.

All Words(adobe Flash Player 8

Adobe Flash Player <= 29.0.0.113 (apsb18-08)

For Windows 8.1 and Windows 10, Microsoft will roll them out tonight from 7:00 p.m. via Windows Update. Direct download links for the update are mentioned here – but I did not check them.

Adobe Flash Player <= 29.0.0.113 (apsb18-08)

Flash Player Chrome

Check for Updates in Google Chrome and Slimjet

The Chrome Browser should automatically pull the update. You can also manually check for updates by typing chrome://components into the address bar. Medieval 2 total war mod.

Advertising
Adobe flash player 29.0 download

Then you will find the entries show in the screenshot above. There is also a button to search for Flash updates. Output movement 1.1.0.4 for macos.

Which Flash Player version do I have installed?

The installed Flash version can be queried on this Adobe web site. There you can see if the Flash-Player is supported in the browser, which version is used and which version is available for the update at Adobe.

If you update the Flash Player via the above Adobe page, make sure that the PUPs offered (McAfee Security Scan Plus and True Key from Intel) are not installed with the software.

Direct Flash Player downloads from Adobe

Visit this Adobe page and check in the upper right corner the entry Last Published to make sure, the latest update has been released. Then scroll down to section ‘Still having problems?’ – there are direct download links for Flash player.

Similar articles
Adobe Flash: usage is fading away
Beware of fake flash player updates
How to update Flash Player in Chrome or Slimjet?
How to disable Adobe Flash Player in Windows 8, 8.1, 10

Cookies helps to fund this blog: Cookie settings
Advertising

All Words(adobe Flash Player X

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Publish Date : 2018-05-19 Last Update Date : 2019-03-07
Scroll To Comments External Links

- CVSS Scores & Vulnerability Types

CVSS Score
Confidentiality ImpactComplete(There is total information disclosure, resulting in all system files being revealed.)
Integrity ImpactComplete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability ImpactComplete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access ComplexityLow(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
AuthenticationNot required(Authentication is not required to exploit the vulnerability.)
Gained AccessNone
Vulnerability Type(s)Execute Code
CWE ID787

- Products Affected By CVE-2018-4937

#Product TypeVendorProductVersionUpdateEditionLanguage
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.

- References For CVE-2018-4937

http://www.securityfocus.com/bid/103708
BID 103708 Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities Release Date:2018-04-16
https://security.gentoo.org/glsa/201804-11
GENTOO GLSA-201804-11
http://www.securitytracker.com/id/1040648
SECTRACK 1040648
https://access.redhat.com/errata/RHSA-2018:1119
REDHAT RHSA-2018:1119
https://www.exploit-db.com/exploits/44529/
EXPLOIT-DB 44529
https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

- Metasploit Modules Related To CVE-2018-4937

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)