Several independent security researchers discovered a zero-day vulnerability last week targetting Adobe Flash. Adobe has now been forced to release a rapid patch as the vulnerability has been exploited in the wild: Through a crafted Excel sheet attackers have been targeting Windows devices concentrated in the Middle East. A patch for multiple vulnerabilities, including this one, was recently released by Adobe and users are encouraged to update.
Zero-day Adobe Flash vulnerability found in the wild
Adobe Flash has a long history of vulnerabilities and issues. With the following vulnerabilities in tow the trend does not seem to change. Multiple zero-day vulnerabilities targeting the software were discovered by several independent security firms the last week. One of them has been found used in the wild, dubbed CVE-2018-5002.
The used vulnerability is of the stack-based buffer overflow variety and can be used to execute arbitrary code on a system. The attackers utilizing it did so with a crafted Excel sheet, exploiting the flaw through an ActiveX plugin. Security firm Icebrg describes it as follows in their report of the attack.
“The attack loads Adobe Flash Player from within Microsoft Office, which is a popular approach to Flash exploitation since Flash is disabled in many browsers”
Unlike similar attacks where Flash content is embedded within the malicious document the attackers used the tactic of remotely including the content instead. Therefore the document does not contain any malicious code making detection more difficult.
Middle East the target of campaign
In the same report it is revealed the attackers are targeting Windows devices in the Middle East, specifically individuals in Qatar. As the document is written in Arabic and appear to contain information regarding salary. Similarly, a C&C-server found to be employed by the attackers was acting as a job search website within the area.
Other than the afforementioned vulnerability Adobe released patches for other important vulnerabilities as well. Therefore, if you’re still using a version of Flash below 126.96.36.199 on your Windows, Linux, or MacOS device it is of utmost importance to test and install the updates.