Adobe has recently announced that it patched an arbitrary severe code execution vulnerability in its flash player. It is the only flaw that was fixed by the company in this Patch Tuesday. It has been tracked as CVE-2020-9746 and described as a ‘NULL’ pointer dereference concern.
As Adobe explained in its advisory document, “Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.”
Such exploitation of the security flaw obliges the attacker to put malicious strings in the HTTP response. By default, it is delivered over TLS, making it more challenging to conduct an attack.