Emergency Update: Zero-Day Exploit in Adobe Flash
Yet another patch has been released with security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS addressing multiple critical vulnerabilities. On 7 June, Adobe Security Bulletin announced that the exploits exist in the wild.
Used to target Windows users, the exploit leverages Office documents with embedded malicious Flash Player content distributed by email in the Adobe Flash Player 18.104.22.168 and earlier versions.
The update patched several vulnerabilities in Adobe Flash, and Adobe acknowledge all of those who disclosed the different flaws, expressing thanks to the individuals who worked to protect Adobe customers.
Trend Micro's Zero Day Initiative anonymously reported two vulnerabilities, CVE-2018-5000 and CVE-2018-5001. In collaboration with Trend Micro's Zero Day Initiative, Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, reported vulnerability CVE-2018-4945.
"This is a confusion vulnerability, which means that the code does not properly inspect input data," said Allan Liska, threat intelligence analyst at Recorded Future. "When successfully exploited, this vulnerability allows for remote code execution."
The second critical vulnerability (CVE-2018-5002), reported by multiple sources, is a buffer overflow vulnerability that also allows for remote code execution. Liska noted that this is currently being exploited in the wild as part of several phishing campaigns.
"The exploit takes advantage of a Flash file embedded in a Microsoft Office document," said Liska. "When the victim opens the Office Document the Trojaned Flash code automatically runs and executes shell code, which calls out to the attackers command-and-control servers."
To protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office. Adobe recommends accessing the About Flash Player page in order to verify which version of Flash is installed on the system. Users who have selected the option to allow updates in Adobe Flash Player Desktop Runtime for Windows, macOS and Linux should automatically receive the most recent security updates.
Source: Information Security Magazine