A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting. Edge depends on a default whitelist of sites where Adobe Flash will load without user interaction. Because the whitelist was not scheme-aware, an attacker could use a man in the middle attack to cause Flash policies to be bypassed and arbitrary Flash content to be loaded without user interaction. The security update addresses the vulnerability by modifying how affected Microsoft Edge handles whitelisting.