Adobe patched a critical vulnerability in Flash Player which could be exploited by potential attackers to trigger anarbitrary code execution condition within thecontext of the current user.
As detailed by theCommon Weakness Enumeration platform, type confusion errors appear when "The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type."
Moreover, the CVE-2018-15981 vulnerability was rated by Adobe as a critical issue, "which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Given that successfulexploitation of the security bug may result in system compromise and would allow adversaries to execute code without the user's knowledge,Flash Player users should update as soon as possible.Windows and macOS users are advised to update immediately
The bug is caused by a type confusion error triggered when processing maliciously crafted .swf files which might enable adversaries toexecute arbitrary code on the targeted system with the system privileges of the current user.
Adobe rated this type confusion security issue Priority 1 for Windows and macOS considering that these two platforms are high risk and have been long known to be targeted by exploits found in the wild.
Moreover, Adobe advises all Windows and macOS users who have Flash Player installed on their computers to update to the 18.104.22.168 version as soon as possible to mitigate the increased risks.
According to Adobe, Linux users can update their Flash Player installation at their discretion seeing that "This update resolves vulnerabilities in a product that has historically not been a target for attackers."