Technology with attitude

Security Flaws in Adobe Flash Player which all should know about

0

Adobe Flash Player has announced recently that it will terminate Flash Player and will only continue to offer security patches for a short period of time. The latest security patch added on Tuesday, Adobe fixed two important vulnerabilities. These vulnerabilities are important because they could be used for remote code execution.

CVE-2017-11281 and CVE-2017-11282 flaws

These two vulnerabilities were rated critical and were discovered by Google Project Zero specialists: Mateusz Jurczyk and Natalie Silvanovich. The flaws are caused by memory corruption issues and the update fixing them was released for Windows, Macintosh, Chrome OS and Linux.

Adobe used the help authoring tool RoboHelp to release the patch against vulnerabilities. The vulnerabilities were reported by Reynold Regan from the Center for Technology & Innovation in Chennai (CNSI).

Adobe has also released patches for flaws in ColdFusion 11 and 2016 for the XML parsing vulnerability reported as critical and for an XSS flaw. The latter could have lead to information disclosure, which is not something any user would want.

Flash Player will cease to exist in 2020

Adobe is planning to end Flash Player at the end of the year 2020 in order to allow other technologies more secure and advance to take its place. Such technology is found in open standards such as HTML5, WebGL and WebAssembly. These programs have progressed and matured and are now viable alternatives.
According to Adobe, this decision was made in collaboration with its technology partners (Apple, Facebook, Google, Mozilla, and Microsoft).

Even if the end of Adobe’s Flash Player is near, users should remember that until then, it is still very much necessary to update to the latest in order to avoid security issues. Lately, many security issues have been reported by Flash Player users.