Several independent security researchers discovered a zero-day vulnerability last week targeting Adobe Flash. Adobe has now been forced to release a rapid patch as the vulnerability has been exploited in the wild: Through crafted Excel sheet attackers have been targeting Windows devices concentrated in the Middle East. A patch for multiple vulnerabilities, including this one, was recently released by Adobe and users.
Zero-day Adobe Flash vulnerability found in the wild
Adobe Flash has a long history of vulnerabilities and issues. With the following vulnerabilities, the trend does not seem to change. Multiple zero-day vulnerabilities targeting the software were discovered by several independent security firms the last week. One of them has been used in the wild, dubbed CVE-2018-5002.
The used vulnerability is of the stack-based buffer overflow variety and can be used to execute arbitrary code on a system. The attackers utilizing it did with a crafted Excel sheet, exploiting the flaw through and ActiveX plugin. Security firm Icebrg describes it as follows in their report of the attack.
"The attack loads Adobe Flash Player from within Microsoft Office, which is a popular approach to Flash exploitation since Flash is disabled in many browsers"
Unlike similar attacks where Flash content is embedded within the malicious document the attackers used tactically or remotely including the content instead. Therefore the document does not contain any malicious code making detection more difficult.
Middle East the target of campaign
In the same report it is revealed the attackers are targeting Windows devices in the Middle East, specifically individuals in Qatar. As the document is written in Arabic and appear to contain information regarding salary. Similarly, a C&C server found to be employed by the attackers was acting as a job search website within the area.
Adobe released patches for other important vulnerabilities as well. Therefore, if you're still using a version of Flash below 126.96.36.199 on your Windows, Linux, or MacOS device it is either of utmost importance to test and install the updates.