MalSpam Campaign Targets Unpatched Flash Exploit Systems
Target: Users with unpatched Flash vulnerability – CVE-2018-4878
Attack Vector: Malicious Word Document distributed by email
Summary: Attackers are leveraging a newly patched critical Adobe Flash Player vulnerability in a spam campaign targeting unpatched devices. Spam messages urging recipients to click on links to download malicious Word Documents are being distributed to victims in an attempt to exploit CVE-2018-4878, an Abode Flash Player bug. This can result in the attacker taking control of the victim’s device.
Risk assessment summary: The threat is assessed as 3e MODERATE and the likelihood has been rated as POSSIBLE. If successful, victims could ultimately hand over control of their systems to an attacker by merely opening a suspicious email urging the recipient to click on a URL. The attackers are attempting to exploit the period between patch release and point where the majority of users are protected. Therefore the key to mitigation in this instance is to ensure an efficient and prioritized patch roll out to ensure critical internet facing systems user systems are protected at the earliest available opportunity.