MalSpam Campaign Targets Unpatched Flash Exploit Systems

Target: Users with unpatched Flash vulnerability – CVE-2018-4878

Attack Vector: Malicious Word Document distributed by email

Summary: Attackers are leveraging a newly patched critical Adobe Flash Player vulnerability in a spam campaign targeting unpatched devices. Spam messages urging recipients to click on links to download malicious Word Documents are being distributed to victims in an attempt to exploit CVE-2018-4878, an Abode Flash Player bug. This can result in the attacker taking control of the victim’s device.

Risk assessment summary: The threat is assessed as 3e MODERATE and the likelihood has been rated as POSSIBLE. If successful, victims could ultimately hand over control of their systems to an attacker by merely opening a suspicious email urging the recipient to click on a URL. The attackers are attempting to exploit the period between patch release and point where the majority of users are protected. Therefore the key to mitigation in this instance is to ensure an efficient and prioritized patch roll out to ensure critical internet facing systems user systems are protected at the earliest available opportunity.

Leave a Reply

Your email address will not be published. Required fields are marked *