Data: CASIE
Negative Trigger
Adobe
on
Wednesday
released
Vulnerability-related.PatchVulnerability
several
unscheduled
fixes
for
Flash
Player
,
including
a
critical
vulnerability
that
it
said
is
being exploited
Vulnerability-related.DiscoverVulnerability
in
the
wild
.
The
critical
vulnerability
,
CVE-2018-15982
,
is
a
use-after-free
flaw
enabling
arbitrary
code-execution
in
Flash
.
“
Adobe
has released
Vulnerability-related.PatchVulnerability
security
updates
for
Adobe
Flash
Player
for
Windows
,
macOS
,
Linux
and
Chrome
OS
,
”
Adobe
said
in
its release
Vulnerability-related.PatchVulnerability
.
“
These
updates
address
Vulnerability-related.PatchVulnerability
one
critical
vulnerability
in
Adobe
Flash
Player
and
one
important
vulnerability
in
Adobe
Flash
Player
installer
.
Successful
exploitation
could
lead
to
arbitrary
code-execution
and
privilege-escalation
in
the
context
of
the
current
user
respectively.
”
The
flaw
was discovered
Vulnerability-related.DiscoverVulnerability
by
Chenming
Xu
and
Ed
Miles
of
Gigamon
ATR
.
Researchers
also
outlined
Vulnerability-related.DiscoverVulnerability
the
further
technical
details
about
the
exploit
of
the
vulnerability
.
Impacted
Vulnerability-related.DiscoverVulnerability
is
Adobe
Flash
Player
Desktop
Runtime
,
Adobe
Flash
Player
for
Google
Chrome
;
Adobe
Flash
Player
for
Microsoft
Edge
and
Internet
Explorer
11
;
all
for
versions
31.0.0.153
and
earlier
.
Adobe
Flash
Player
Installer
versions
31.0.0.108
and
earlier
are
also
affected
Vulnerability-related.DiscoverVulnerability
.
Users
of
these
impacted
products
can update
Vulnerability-related.PatchVulnerability
to
version
32.0.0.101
,
according
to
Adobe
.
Users
of
Adobe
Flash
Player
Installer
can update
Vulnerability-related.PatchVulnerability
to
version
31.0.0.122
.
Adobe
also
patched
Vulnerability-related.PatchVulnerability
an
important-rated
insecure
library
loading
(
via
DLL
hijacking
)
vulnerability
,
CVE-2018-15983
,
that
could
lead
to
privilege
escalation
via
Adobe
Flash
.
This
is
only
the
latest
exploit
to
hit
Adobe
Flash
–
earlier
in
June
,
a
zero-day
Flash
vulnerability
was
being exploited
Vulnerability-related.DiscoverVulnerability
in
the
wild
in
targeted
attacks
against
Windows
users
in
the
Middle
East
,
according
to
researchers
.
Adobe
dealt
with
another
zero-day
Flash
vulnerability
back
in
February
,
which
was exploited
Vulnerability-related.DiscoverVulnerability
by
North
Korean
hackers
.
The
list
of
tested
apps
includes
MyPasswords
,
Informaticore
,
LastPass
,
Keeper
,
F-Secure
Key
,
Dashlane
,
Hide
Pictures
Keep
Safe
Vault
,
Avast
Passwords
,
and
1Password
.
All
tested
apps
were
installed
on
at
least
500,000
devices
,
with
some
apps
having
millions
of
users
.
The
research
team
says
Vulnerability-related.DiscoverVulnerability
these
apps
featured
Vulnerability-related.DiscoverVulnerability
different
kinds
of
security
flaws
,
listed
below
:
``
The
overall
results
were
extremely
worrying
and
revealed
Vulnerability-related.DiscoverVulnerability
that
password
manager
applications
,
despite
their
claims
,
do
not
provide
enough
protection
mechanisms
for
the
stored
passwords
and
credentials
,
''
the
research
team
concluded
Vulnerability-related.DiscoverVulnerability
.
``
Instead
,
they
abuse
the
users
'
confidence
and
expose
them
to
high
risks
.
''
In
total
,
security
researchers
found
Vulnerability-related.DiscoverVulnerability
26
security
bugs
,
ranging
from
low
to
critical-level
issues
.
The
research
team
went
public
with
their
findings
at
the
start
of
the
week
.
Initially
,
app
makers
fixed
Vulnerability-related.PatchVulnerability
23
of
the
26
flaws
,
with
Avast
still
lagging
behind
on
three
issues
.
Nevertheless
,
by
March
1
,
Avast
had also patched
Vulnerability-related.PatchVulnerability
its
product
,
and
now
users
can update
Vulnerability-related.PatchVulnerability
to
the
applications
'
latest
versions
to
mitigate
Vulnerability-related.PatchVulnerability
all
issues
discovered
Vulnerability-related.DiscoverVulnerability
during
the
research
.
The
research
team
's
name
is
TeamSIK
(
Security
Is
Key
)
,
made
up
of
several
security
professionals
from
the
Fraunhofer
Institute
for
Secure
Information
Technology
in
Darmstadt
,
Germany
.
Vulnerability
reports
Vulnerability-related.DiscoverVulnerability
for
most
of
the
found
issues
are
available
on
TeamSIK
's
project
homepage