
Adobe Flash 0-day vulnerability (CVE-2018-4878) - reimertz
https://helpx.adobe.com/security/products/flash-player/apsa18-01.html
======
koolba
Per the article it says that Chrome is affected as well. What mitigations does
the sandboxing of Chrome provide against something like this? I'd assume the
remote command execution (RCE) is limited to the sandbox, but what
specifically does that limit?

Even if the sandboxed process can't read or write to disk, with the recent
Intel CPU issues it would have full access to anything in memory right?

------
reimertz
This is a 0-day, cross-platform and full-system compromise vulnerability. This
is pretty bad.

"A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player
28.0.0.137 and earlier versions. Successful exploitation could potentially
allow an attacker to take control of the affected system."

