Malware News New 0-day exploit (Flash Player)

LASER_oneXM

Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.

Adobe released patches today for a new zero-day vulnerability discovered in the company's popular Flash Player app. The zero-day has been spotted embedded inside malicious Microsoft Office documents. These documents were discovered last month after they had been uploaded to VirusTotal, a web-based file scanning service, from a Ukrainian IP address.
If victims who received the documents allowed the Flash ActiveX object to execute, researchers said the malicious code would escalate its access from the Office app to the underlying OS. Here it would drop a JPG file, then unzip another RAR file attached at the end of this JPG file to drop an EXE file on the victim's PC, and then run this file (a basic barebones backdoor trojan).
 

Andrew3000

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.
Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

The flaw could be exploited by attackers to execute arbitrary code; Adobe addressed it with the release of Flash Player 32.0.0.101 for Windows, macOS, Linux, and Chrome OS.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer.” reads the security advisory published by Adobe.

“Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.

Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.”

Adobe confirmed that it is aware of attacks exploiting the flaw in the wild.

Adobe has credited the following experts for reporting the CVE-2018-15982 flaw:

  • Chenming Xu and Ed Miles of Gigamon ATR
  • Yang Kang (@dnpushmen) and Jinquan (@jq0904) of Qihoo 360 Core Security (@360CoreSec)
  • He Zhiqiu, Qu Yifan, Bai Haowen, Zeng Haitao and Gu Liang of 360 Threat Intelligence of 360 Enterprise Security Group
  • independent researcher b2ahex

Attackers used decoy Word documents including a Flash file with a zero-day vulnerability. The Word document is included in a RAR archive with a JPG picture. When the Flash vulnerability is triggered, the malware extracts the RAT code embedded in the JPG picture.
First link: VirusTotal
Second link: EdgeSpot - Free online exploit detection service

Source: CVE-2018-15982 Adobe zero-day exploited in targeted attacks
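
Both posts above describe the payload riding in a JPG with a RAR archive attached at its end. As an added example (not part of the original posts or the cited reports), this is one way a defender could flag such carrier files: walk the JPEG segments to the real end-of-image marker, then look for a RAR signature in whatever follows. The function names and the sample bytes are constructed for illustration.

```python
# RAR signatures: 7 bytes for RAR 1.5-4.x, 8 bytes for RAR 5.
RAR_MAGICS = {b"Rar!\x1a\x07\x00": "RAR4", b"Rar!\x1a\x07\x01\x00": "RAR5"}

def jpeg_end(data: bytes):
    """Walk JPEG segments and return the offset just past the real EOI marker.
    Walking (rather than searching for FF D9) skips EOIs inside EXIF thumbnails."""
    if data[:2] != b"\xff\xd8":                          # SOI
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None                                  # not at a marker: malformed
        marker = data[pos + 1]
        if marker == 0xFF:                               # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                             # EOI
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            pos += 2
        else:
            seglen = int.from_bytes(data[pos + 2:pos + 4], "big")
            if seglen < 2:                               # invalid or truncated length
                return None
            pos += 2 + seglen
            if marker == 0xDA:                           # SOS: skip entropy-coded data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] != 0x00
                        and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    return None                                          # ran out of data before EOI

def find_appended_rar(data: bytes):
    """Return details of the first RAR signature located after the JPEG EOI, else None."""
    end = jpeg_end(data)
    if end is None:
        return None
    hits = [(off, name) for magic, name in RAR_MAGICS.items()
            if (off := data.find(magic, end)) != -1]
    if not hits:
        return None
    offset, name = min(hits)
    return {"jpeg_end": end, "rar_offset": offset, "format": name,
            "trailing_bytes": len(data) - end}

# Constructed sample: JPEG-shaped bytes (not a viewable image) with an APP1 segment
# holding an embedded SOI/EOI pair, as an EXIF thumbnail would.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
         + b"\xff\xe1\x00\x06\xff\xd8\xff\xd9"
         + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34\xff\xd9")
CARRIER = CLEAN + b"Rar!\x1a\x07\x01\x00" + b"constructed filler, not a real archive"
```

Trailing bytes after EOI are not malicious on their own, since some cameras and editors append benign data there; an archive signature in that trailer is the part worth alerting on.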
 

Mohammad.poorya

document-1.png



CVE-2018-15982.gif
 

spaceoctopus

The "simplicity" of those attacks compared to other types of attacks is what makes them so effective. Hidden behind some documents and sent by mail, for users that are not too much security minded, it can be very destructive. At work and in everyday life, almost no one is gonna verify if it's Flash or not.
 

Burrito

spaceoctopus said:
"The "simplicity" of those attacks compared to other types of attacks is what makes them so effective. Hidden behind some documents and sent by mail, for users that are not too much security minded, it can be very destructive. At work and in everyday life, almost no one is gonna verify if it's flash or not."

Exactly.

And Flash... for all its limitations, there are a few things where Flash works best.

But wow, what a history of vulnerabilities that Flash has developed.
 