Adobe Flash Player zero-day vulnerability
Target: Middle Eastern markets.
Attack Vector: Adobe’s Flash Player software.
Summary: Security researchers from several security firms independently contacted Adobe to report attackers exploiting a previously undisclosed zero-day vulnerability in the wild on a large scale. The vulnerability, CVE-2018-5002, affects Adobe Flash Player version 29.0.0.171 and earlier. Adobe released version 30.0.0.113 to address it and urged users who do not have automatic updates enabled to install it. This is the second Flash Player zero-day Adobe has patched in 2018, following the deployment of CVE-2018-4878 by Korean-based attackers against Korean targets in January.
Risk assessment summary: The threat is assessed as 3c MODERATE. This zero-day vulnerability has been observed being actively exploited and, although a patch is available, many systems remain unpatched, which drives up the likelihood of successful exploitation. This is likely to stay high until organisations update Flash Player across their estate. Flash Player is one of Adobe's most widely deployed products, which raises both the likelihood and the impact of attack.
MalSpam Campaign Targets Systems Unpatched Against Flash Exploit
Target: Users with unpatched Flash vulnerability – CVE-2018-4878
Attack Vector: Malicious Word Document distributed by email
Summary: Attackers are leveraging a recently patched critical Adobe Flash Player vulnerability in a spam campaign targeting unpatched devices. Spam messages urging recipients to click on links that download malicious Word documents are being distributed to victims in an attempt to exploit CVE-2018-4878, an Adobe Flash Player bug. Successful exploitation can result in the attacker taking control of the victim's device.
Risk assessment summary: The threat is assessed as 3e MODERATE and the likelihood has been rated as POSSIBLE. If successful, victims could ultimately hand over control of their systems to an attacker merely by opening a suspicious email and clicking the URL it urges them to follow. The attackers are exploiting the window between patch release and the point at which the majority of users are protected. The key mitigation is therefore an efficient and prioritised patch rollout, so that critical internet-facing systems and user workstations are protected at the earliest opportunity.
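The mitigation for both bulletins above is the same: find every host still running a Flash Player build older than the fixed release and patch the internet-facing ones first. The following triage script is an added example, not part of the original advisory. It takes the fixed versions from Adobe's bulletins (28.0.0.161 for CVE-2018-4878 in APSB18-03, 30.0.0.113 for CVE-2018-5002 in APSB18-19), compares installed versions numerically rather than as strings, and orders the findings into the rollout sequence the advisory recommends. The host inventory, hostnames and installed versions are constructed sample data.

```python
"""Patch-gap triage for the two Flash Player zero-days in this advisory.

Added example, not part of the original advisory. The fixed versions come
from Adobe bulletins APSB18-03 (CVE-2018-4878) and APSB18-19 (CVE-2018-5002).
The inventory below is constructed sample data with hypothetical hostnames.
"""
from typing import Dict, List, Tuple

# CVE -> first Flash Player release containing the fix (per Adobe's bulletins).
FIXED_VERSIONS: Dict[str, str] = {
    "CVE-2018-4878": "28.0.0.161",  # APSB18-03, February 2018
    "CVE-2018-5002": "30.0.0.113",  # APSB18-19, June 2018
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert a dotted Flash version string into a tuple of ints.

    Comparing raw strings is a classic triage bug: '9.0.0.1' > '30.0.0.113'
    lexicographically, so an ancient build would look patched. Short version
    strings are padded with zeros so '30' compares equal to '30.0.0.0'.
    """
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(installed: str, cve: str) -> bool:
    """True if the installed build predates the release that fixed the CVE."""
    return parse_version(installed) < parse_version(FIXED_VERSIONS[cve])


def triage(inventory: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return one finding per host exposed to at least one of the two CVEs.

    Findings are ordered for patch rollout: internet-facing hosts first,
    then hosts with more open CVEs, then by hostname for a stable report.
    """
    findings: List[Dict[str, object]] = []
    for host in inventory:
        open_cves = [cve for cve in FIXED_VERSIONS
                     if is_vulnerable(str(host["flash"]), cve)]
        if open_cves:
            findings.append({
                "host": host["host"],
                "flash": host["flash"],
                "internet_facing": bool(host["internet_facing"]),
                "cves": open_cves,
            })
    findings.sort(key=lambda f: (not f["internet_facing"], -len(f["cves"]), f["host"]))
    return findings


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY: List[Dict[str, object]] = [
    {"host": "kiosk-01", "flash": "27.0.0.187", "internet_facing": True},
    {"host": "ws-finance-07", "flash": "29.0.0.171", "internet_facing": False},
    {"host": "ws-hr-12", "flash": "30.0.0.113", "internet_facing": False},
    {"host": "web-proxy-02", "flash": "28.0.0.161", "internet_facing": True},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        exposure = "internet-facing" if finding["internet_facing"] else "internal"
        print(f"{finding['host']:<14} {finding['flash']:<12} {exposure:<15} "
              f"{', '.join(finding['cves'])}")
```

On the sample inventory the script lists kiosk-01 (both CVEs) and web-proxy-02 (CVE-2018-5002 only) ahead of the internal finance workstation, and omits ws-hr-12, which already runs the fixed build. Feed it a real inventory exported from your software asset management tool and the ordering gives the rollout queue.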