New 0-day exploit (Flash Player)

LASER_oneXM

Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.

Adobe released patches today for a new zero-day vulnerability discovered in the company's popular Flash Player app. The zero-day has been spotted embedded inside malicious Microsoft Office documents. These documents were discovered last month after they had been uploaded to VirusTotal, a web-based file scanning service, from a Ukrainian IP address.
If victims who received the documents allowed the Flash ActiveX object to execute, researchers said the malicious code would escalate its access from the Office app to the underlying OS. Here it would drop a JPG file, then unzip another RAR file attached at the end of this JPG file to drop an EXE file on the victim's PC, and then run this file (a basic barebones backdoor trojan).
 
Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.
Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

The flaw could be exploited by attackers to execute arbitrary code; Adobe addressed it with the release of Flash Player 32.0.0.101 for Windows, macOS, Linux, and Chrome OS.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer.” reads the security advisory published by Adobe.

“Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.

Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.”

Adobe confirmed that it is aware of attacks exploiting the flaw in the wild.

Adobe has credited the following experts for reporting the CVE-2018-15982 flaw:

  • Chenming Xu and Ed Miles of Gigamon ATR
  • Yang Kang (@dnpushmen) and Jinquan (@jq0904) of Qihoo 360 Core Security (@360CoreSec)
  • He Zhiqiu, Qu Yifan, Bai Haowen, Zeng Haitao and Gu Liang of 360 Threat Intelligence of 360 Enterprise Security Group
  • independent researcher b2ahex
Attackers used decoy Word documents including a Flash file with the zero-day vulnerability. The Word document is included in a RAR archive with a JPG picture. When the Flash vulnerability is triggered, the malware extracts the RAT code embedded in the JPG picture.
First link: VirusTotal
Second link: EdgeSpot - Free online exploit detection service

Source: CVE-2018-15982 Adobe zero-day exploited in targeted attacks
 
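The JPG-with-appended-RAR carrier described in the first post is easy to spot on disk once you know where the JPEG actually ends. The following Python is an added example for this thread, not code from the article or from any vendor tool: it walks the JPEG marker segments, reports any bytes that follow the EOI marker, and flags a RAR signature in that tail. The sample bytes are constructed, not taken from the real payload.

```python
# Added example for this thread (not from the article or any vendor tool):
# find where a JPEG really ends and check whether a RAR archive follows it.
# Sample bytes below are constructed, not taken from the real payload.

JPEG_SOI = b"\xff\xd8"
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x / 5.x
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # TEM, SOI, RSTn: no length

def jpeg_end_offset(data: bytes):
    """Return the offset just past the EOI marker, or None if not a JPEG."""
    if not data.startswith(JPEG_SOI):
        return None
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return None                      # lost marker sync: not well-formed
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                   # EOI: the image ends here
            return pos
        if marker in STANDALONE:
            continue
        pos += int.from_bytes(data[pos:pos + 2], "big")  # length incl. itself
        if marker == 0xDA:                   # SOS: skip entropy-coded scan data
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break                    # a real marker, not stuffing/RSTn
                pos += 1
    return None

def find_appended_rar(data: bytes):
    """(trailing_bytes, rar_offset) after the JPEG; None if data is not a JPEG."""
    end = jpeg_end_offset(data)
    if end is None:
        return None
    tail = data[end:]
    hits = [h for h in (tail.find(s) for s in RAR_SIGNATURES) if h != -1]
    return len(tail), (end + min(hits) if hits else None)

# Constructed minimal JPEG: SOI, APP0 (JFIF), one-component SOS, 5 scan bytes, EOI.
SAMPLE_JPEG = (JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
               + b"\x12\x34\xff\x00\x56" + b"\xff\xd9")
# The same image with a RAR 4.x stub appended, mimicking the carrier trick.
SAMPLE_CARRIER = SAMPLE_JPEG + RAR_SIGNATURES[0] + b"\x00" * 8
```

A file that renders as a valid picture but returns a non-zero tail with a RAR offset is worth quarantining rather than trusting its extension.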
 
The "simplicity" of those attacks compared to other types of attacks is what makes them so effective. Hidden behind some documents and sent by mail, for users that are not too security-minded, it can be very destructive. At work and in everyday life, almost no one is gonna verify if it's Flash or not.
 

Exactly.

And Flash... for all its limitations, there are a few things where Flash works best.

But wow, what a history of vulnerabilities that Flash has developed.
 