New Zero-day Vulnerability discovered in Adobe Flash Player

New zero-day exploit in Flash can let attackers take complete control of a device via a seemingly harmless Office document


A new zero-day vulnerability (CVE-2018-15982) has been discovered in Adobe Flash Player and is being exploited in the wild as part of a targeted phishing campaign. The campaign appears to have been aimed at Russian state healthcare institutions.

The zero-day exploit was spotted last week inside malicious Microsoft Office documents that had been submitted to VirusTotal from a Ukrainian IP address.

The malicious Microsoft Office document carries a Flash ActiveX object embedded in its header. The object is rendered as soon as the user opens the document, which triggers the Flash Player vulnerability.

How does the exploit work?
According to the researchers, the final payload is in neither the Microsoft Office file nor the Flash exploit embedded inside it.

Instead, the final payload is hidden inside an image file (scan042.jpg) that is itself an archive, packed together with the Microsoft Office file inside a parent WinRAR archive. That RAR archive is what is distributed through the phishing emails.

When the document is opened, the Flash exploit runs a command on the system to extract the image file and launch the final payload, backup.exe, which is protected with VMProtect (a commercial packer designed to hinder reverse engineering and analysis).
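As an added triage example (not code from the article or from the researchers who analysed the campaign), the following Python script checks the members of a candidate archive for the two traits of the chain just described: a .docx whose ActiveX part is the Shockwave Flash control, and an "image" whose bytes are really a nested RAR archive. The Flash class identifier D27CDB6E-AE6D-11CF-96B8-444553540000 is the well-known Shockwave Flash ActiveX CLSID; the sample .docx, the member name application.docx and the fake scan042.jpg are constructed here so the script runs offline.

```python
"""Triage for a RAR-wrapped Office lure with a Flash ActiveX object.

Added example, not from the article or the researchers who reported the
campaign. Checks: (1) a .docx whose ActiveX property part names the
Shockwave Flash control, or whose header/footer part embeds an ActiveX
control, or which stores a raw SWF; (2) an archive member with an image
extension whose leading bytes are a RAR signature. All inputs below are
constructed stand-ins, not samples from the campaign.
"""
from __future__ import annotations

import io
import re
import zipfile

FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"   # Shockwave Flash ActiveX class
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5 signatures
JPEG_MAGIC = b"\xff\xd8\xff"
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # raw, zlib-compressed and LZMA-compressed SWF
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def docx_flash_indicators(docx_bytes: bytes) -> list[str]:
    """Return findings for Flash/ActiveX content inside a .docx (OOXML zip) package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            data = pkg.read(name)
            lower = name.lower()
            # word/activeX/activeX*.xml names the embedded control by CLSID.
            if lower.startswith("word/activex/") and lower.endswith(".xml"):
                if FLASH_CLSID.lower() in data.decode("utf-8", "ignore").lower():
                    findings.append(f"{name}: ActiveX control is Shockwave Flash")
            # <w:control> in a header/footer part is laid out as soon as the
            # document is opened, so the control renders without a click.
            if re.fullmatch(r"word/(header|footer)\d*\.xml", lower) and b"<w:control" in data:
                findings.append(f"{name}: ActiveX control embedded in document header/footer")
            # A SWF stored directly as a package part.
            if data[:3] in SWF_MAGICS:
                findings.append(f"{name}: embedded SWF file")
    return findings


def disguised_archive(member_name: str, head: bytes) -> str | None:
    """Flag an image-named member whose leading bytes do not match the extension."""
    lower = member_name.lower()
    if not lower.endswith(IMAGE_EXTS):
        return None
    if any(head.startswith(m) for m in RAR_MAGICS):
        return f"{member_name}: image extension but RAR signature (nested archive)"
    if lower.endswith((".jpg", ".jpeg")) and not head.startswith(JPEG_MAGIC):
        return f"{member_name}: .jpg extension but no JPEG header"
    return None


def triage_archive_members(members: dict[str, bytes]) -> list[str]:
    """Run both checks over the outer archive's members, given as name -> bytes."""
    findings = []
    for name, data in members.items():
        if name.lower().endswith(".docx"):
            findings.extend(docx_flash_indicators(data))
        hit = disguised_archive(name, data[:16])
        if hit:
            findings.append(hit)
    return findings


def build_sample_docx() -> bytes:
    """Constructed minimal .docx: a Flash ActiveX control referenced from header1.xml."""
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    parts = {
        "[Content_Types].xml": '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        "word/document.xml": f'<w:document xmlns:w="{w_ns}"><w:body/></w:document>',
        "word/header1.xml": (
            f'<w:hdr xmlns:w="{w_ns}" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
            '<w:p><w:r><w:object><w:control r:id="rId1" w:name="ShockwaveFlash1" w:shapeid="_x0000_i1025"/>'
            '</w:object></w:r></w:p></w:hdr>'
        ),
        "word/activeX/activeX1.xml": (
            f'<ax:ocx ax:classid="{{{FLASH_CLSID}}}" ax:persistence="persistStreamInit" '
            'xmlns:ax="http://schemas.microsoft.com/office/2006/activeX"/>'
        ),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        for name, xml in parts.items():
            pkg.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-ins for the two members of the phishing archive.
    sample = {
        "application.docx": build_sample_docx(),
        "scan042.jpg": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 24,  # RAR5 signature, not a JPEG
    }
    for line in triage_archive_members(sample):
        print("[!]", line)
```

The outer RAR itself is not parsed here; extract it with a known-good tool in an isolated environment and hand the member bytes to triage_archive_members. A header-embedded `<w:control>` is worth flagging on its own, even when the CLSID is not Flash, because it is rendered on open rather than on click.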

The backdoor is programmed to:
- Monitor user activity (keyboard input and mouse movement)
- Collect system information and send it to a remote command-and-control (C&C) server
- Execute shellcode
- Load a PE file in memory
- Download files
- Execute code, and self-destruct

The vulnerability affects Adobe Flash Player versions 31.0.0.153 and earlier across the Flash Player Desktop Runtime, Flash Player for Google Chrome, and Flash Player for Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 31.0.0.108 and earlier are also affected.

Adobe has issued a patch to address CVE-2018-15982. Users and administrators are advised to test and install the update as soon as possible.

Ankush Johar, director at Infosec Ventures, said: "Adobe Flash Player is one of the most exploited products, as it is one of the most widely used. Hence, users are advised to always keep an eye on Adobe Flash Player updates and to disable automatic Flash Player execution in your browsers and other software like Microsoft Office.

"Although this vulnerability has just been announced, it is not known for how long it has been out in the open. It is possible that certain malicious hackers have already been exploiting it for an unknown length of time. Privacy today is an Urban Legend, and time after time such revelations simply prove the same.

"Security of an individual is in his own hands, and the only way to stay secure is to stay vigilant and suspicious about every email, link and message one gets on the Internet. One cannot protect oneself from files with zero-day exploits once they get inside your device; however, you can take the precautions below to ensure that the malware doesn't get into your system in the first place."

* Install a good, trusted antivirus with a valid license.
* Keep an eye out for fake or fraudulent phishing emails that try to convince you to visit links or download files by scaring you or luring you with discounts, offers or prizes.
* Never download software from untrusted sources such as pirate websites, blogs, torrents etc., as they mostly contain some kind of malware. Only download from official websites.
* Never click on unknown links and attachments in emails.
* Be aware of any social engineering tactics that can be used by hackers to steal data.
* Never leave your system unattended.
* Do not connect to unknown WiFi networks.
* Use two-factor authentication, wherever possible.

If you are running an organization, train your employees and make them aware of the common phishing attacks. Hackers often target employees in order to gain confidential information about the company.

