This month, as part of Patch Tuesday, Adobe eliminated only one critical flaw in their products is a vulnerability in the Flash Player.
The problem got the identifier CVE-2020-9746 and is related to the dereferencing of a null pointer. Adobe engineers say that successful exploitation of this vulnerability could cause the application to crash and could be used to execute arbitrary code in the context of the current user.
However, it is also noted that it is not so easy to attack this vulnerability. The fact is that for this, the attacker will need to inject a malicious sequence into the HTTP response, which is transmitted by default via TLS / SSL when the user visits the site. Therefore, the company does not expect hackers to exploit this bug any time soon.
Issue CVE-2020-9746 has been fixed in Flash Player version 184.108.40.2065 for Windows, macOS, Linux and Chrome OS.
Let me remind you that support for Adobe Flash Player will be completely discontinued on December 31, 2020, after which it will no longer be supported by all modern browsers. Work on a complete phase-out of Flash has been underway since 2017, when companies Apple, Facebook, Google, Microsoft, Mozillaas well as the company itself Adobe announced the official date when the technology will finally be "put to death".