Critical Adobe Flash Player Bug and More in June’s Patch Tuesday (Jun 12, 2019)
Adobe has issued patches for 88 vulnerabilities for the June 2019 Patch Tuesday. 21 of the vulnerabilities were rated as critical. One was a Remote Code Execution (RCE) vulnerability, registered as “CVE-2019-7845,” in Adobe Flash Player (versions 220.127.116.11 and earlier) that could be exploited by a threat actor to run arbitrary code on an affected machine. Other patched vulnerabilities were located in ColdFusion: a file extension blacklist bypass during file upload (CVE-2019-7838), command injection (CVE-2019-7839), and deserialization of untrusted data (CVE-2019-7840).
Recommendation: Plan for Patch Tuesday every month so that the latest security patches are applied to the software your company uses. In Adobe's case, new vulnerabilities are identified quite regularly. Enabling the automatic update feature in Flash Player is a good mitigation step to ensure that your company is always using the most recent version.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.