With the release of September’s scheduled security updates, Adobe fixed two critical vulnerabilities. Problems affect the desktop version of Adobe Flash Player 22.214.171.124 and earlier for Windows, macOS, and Linux, as well as Adobe Flash Player for Google Chrome on Windows, macOS, Linux, and Chrome OS. Vulnerabilities also affected Adobe Flash Player 126.96.36.199 and earlier for Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1.
CVE-2019-8070 is a memory exploitation vulnerability after release, and CVE-2019-8069 is a vulnerability of the “same origin method execution” type that allows an attacker to perform unexpected actions on behalf of a user.
The September security updates also fix the vulnerability in the installer of the Windows application Adobe Application Manager. CVE-2019-8076 is connected with insecure library loading and allows to hack DLL.