Adobe Flash Player zero-day vulnerability
Target: Middle Eastern markets.
Attack Vector: Adobe’s Flash Player software.
Summary: Security researchers from a number of security firms independently contacted Adobe to report attackers using a previously undisclosed zero-day vulnerability in the wild on a large scale. The vulnerability, CVE-2018-5002, affects Adobe’s Flash Player software with firmware version of 18.104.22.168 and earlier. Adobe released a new firmware patch 22.214.171.124 and urged users to install it if they do not have automatic updates activated. This is the second zero-day vulnerability Adobe have patched in 2018 following Korean based attackers deploying CVE-2018-4878 against Korean targets in January .
Risk assessment summary: The threat is assessed as 3c MODERATE. This zero-day vulnerability has been observed actively exploited and, although patched, it remains a vulnerability with many systems still unprotected, driving up the likelihood of successful exploitation. This is likely to stay high until organisations update firmware in their estate. Flash Player is one of Adobes most popular products, raising the likelihood and risk of attack.