[German]On 14 May 2019, Adobe released a series of critical updates for its Adobe Flash Player, Adobe Reader / Adobe Acrobat and Media Encoder.
Update for Flash Player 220.127.116.11
Adobe has released a maintenance and security update for Flash Player, which upgrades it to version 18.104.22.168 and fixes the following bugs according to these Release Notes.
- Internet Explorer unexpectedly quits (FP-4199000) when opening some Web sites.
- Win10 – Increase load time from < 1 to > 30 seconds for AX control in .NET application (FP-4198953)
This update fixes a Use After Free vulnerability (CVE-2019-7837) that has been identified as critical. Adobe’s Security Bulletin APSB19-26 lists the following Flash versions as vulnerable:
|Adobe Flash Player Desktop Runtime||22.214.171.124 and earlier versions||Windows, macOS, Linux|
|Adobe Flash Player for Google Chrome||126.96.36.199 and earlier versions||Windows, Macintosh, Linux and Chrome OS|
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||188.8.131.52 and earlier versions||Windows 10 and 8.1|
Adobe Flash Player 184.108.40.206 is available for Windows, Macintosh, Linux and Chrome OS platforms. The download links can be found in the Security Bulletin. How to check the Flash version is described in the article Update for Flash Player 220.127.116.11.
Microsoft Flash Update KB4497932
Microsoft has released the update KB4497932 (Flash Player Update) for Windows Server 2019, all versions of Windows 10, Windows Server Version 1803, Windows Server 2016 Version 1709, Windows RT/RT 8.1, Windows 8.1, Windows Server 2016 and Server 2012 R2/Windows Server 2012 as of May 14, 2019. The update can be found in the Microsoft Update Catalog.
Adobe Reader security update
Adobe has also released a security update for Adobe Reader and Adobe Acrobat as well as the DC version.
These updates address critical and important vulnerabilities described in Security Bulletin APSB19-18. Successful exploitation can result in arbitrary code execution in the context of the current user. Adobe has provided updates for the affected products, which can be accessed through the links in the table in Security Bulletin APSB19-18.
Adobe Media Encoder
Adobe has released a security update for Adobe Media Encoder for Windows and macOS. This update fixes a critical vulnerability in file parsing. Successful exploitation can lead to arbitrary code execution in the context of the current user. The vulnerability is described in Security Bulletin APSB19-29 and affects Adobe Media Encoder version 13.0.2. Adobe recommends that users upgrade their installation to the latest version using the Creative Cloud Desktop application upgrade mechanism.