Adobe releases update for serious Flash vulnerability that’s actively getting exploited
Adobe Systems Inc. today released an urgent update for Flash after the discovery of a serious security vulnerability that’s being used by a group against targets in Russia.
First detected by cybersecurity firm Gigamon, the vulnerability, dubbed CVE-2018-15982, allows for a maliciously crafted Flash object to execute code on a victim’s computer, enabling the attacker to gain command line access to the given system.
The attack using the vulnerability was first detected Nov. 29 and surprisingly was targeting a Russian state healthcare clinic. The distribution used a Russian language Microsoft Word document that was masquerading as an employment application. According to Gigamon, the document contains seven pages of personal questions that typically would be in an employment application.
As is usual with spear phishing campaigns, the Word document included malicious code: in this case, a Flash ActiveX control embedded in the header, which renders when the document is opened and triggers exploitation of Flash Player within Office. “Following exploitation, a malicious command is executed that attempts to extract and execute an accompanying payload,” the Gigamon security researchers explained.
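For defenders triaging attachments, the delivery method described above can be checked statically. The following Python sketch is an added example, not code from Gigamon or Adobe: it lists the ActiveX controls declared inside an Office Open XML file and flags a Flash control or a control placed in a header. The Flash CLSID and the `word/activeX/` and `word/header*.xml` part names are assumptions drawn from the standard Word package layout, and the sample documents are constructed inline.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control: a well-known value, not from the article.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
CLASSID_RE = re.compile(rb'classid="\{?([0-9A-Fa-f-]{36})\}?"')
HEADER_RE = re.compile(r"word/header\d*\.xml$")

def scan_docx(docx_bytes):
    """Report ActiveX controls in an OOXML document without opening it in Office."""
    report = {"controls": [], "flash": False, "control_in_header": False}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            lower = name.lower()
            if "/activex/" in lower and lower.endswith(".xml"):
                # Each control part declares the COM class Office will instantiate.
                for m in CLASSID_RE.finditer(z.read(name)):
                    clsid = m.group(1).decode().upper()
                    report["controls"].append((name, clsid))
                    report["flash"] |= clsid == FLASH_CLSID
            elif HEADER_RE.match(name) and b"<w:control" in z.read(name):
                # A control placed in a header renders as soon as the document opens.
                report["control_in_header"] = True
    return report

def build_sample(clsid=None):
    """Constructed minimal .docx-like archive for the demo; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document><w:body/></w:document>")
        if clsid:
            z.writestr("word/header1.xml",
                       '<w:hdr><w:object><w:control r:id="rId1" w:name="ctl1"/></w:object></w:hdr>')
            z.writestr("word/activeX/activeX1.xml",
                       '<ax:ocx ax:classid="{%s}" ax:persistence="persistStorage" r:id="rId1"/>' % clsid)
    return buf.getvalue()

if __name__ == "__main__":
    for label, data in (("clean", build_sample()), ("flash", build_sample(FLASH_CLSID))):
        print(label, scan_docx(data))
```

A document that reports `flash` and `control_in_header` together matches the pattern the researchers describe and is worth quarantining for analysis; other ActiveX controls in the list still deserve a look, since few legitimate documents need them.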
The origin of the attack is unknown, though it did occur only days after Russian warships seized Ukrainian vessels in the Kerch Strait. Gigamon noted that the final payload in the attack is a variant of the Scout malware from notorious Italian spyware vendor Hacking Team.
Although the vulnerability so far has been detected only in Russia, the urgency of Adobe’s release of the patch highlights how serious it potentially is.
In a security bulletin, Adobe said the update covers Adobe Flash Player for Windows, macOS, Linux and Chrome OS and addresses one critical vulnerability in Adobe Flash Player and another in the Adobe Flash Player installer.
Modern browsers now mostly block Flash content from loading, but many computer users still have the software installed. This vulnerability is independent of browser usage, so it’s recommended that users make sure that their Flash installation is up to date, including this latest security patch.