Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.
Adobe fixed two flaws, including a critical use-after-free bug tracked as CVE-2018-15982, which was exploited by an advanced persistent threat actor in an attack aimed at a healthcare organization associated with the Russian presidential administration.
The flaw could be exploited by attackers to execute arbitrary code. Adobe addressed it with the release of Flash Player 32.0.0.101 for Windows, macOS, Linux, and Chrome OS.
“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer,” reads the security advisory published by Adobe.
“Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.
Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.”
Adobe confirmed that it is aware of attacks exploiting the flaw in the wild.
Adobe has credited the following experts for reporting the CVE-2018-15982 flaw:
- Chenming Xu and Ed Miles of Gigamon ATR
- Yang Kang (@dnpushmen) and Jinquan (@jq0904) of Qihoo 360 Core Security (@360CoreSec)
- He Zhiqiu, Qu Yifan, Bai Haowen, Zeng Haitao and Gu Liang of 360 Threat Intelligence of 360 Enterprise Security Group
- independent researcher b2ahex
Attackers used decoy Word documents embedding a Flash file that exploits the zero-day vulnerability. The Word document is included in a RAR archive along with a JPG picture. When the Flash vulnerability is triggered, the malware extracts the RAT code embedded in the JPG picture.
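
For mail or file gateways, a triage check for the delivery technique described above: flag Word documents that carry Flash content. This is an added example, not code from Adobe or the reporting researchers. It assumes the document is in OOXML (.docx) format and that Flash is embedded as an ActiveX control or as a raw SWF stream; the function names and the sample documents are constructed for illustration.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control, as referenced in word/activeX/*.xml
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
# SWF header: FWS (raw), CWS (zlib) or ZWS (LZMA), followed by a version byte.
# Heuristic: a 4-byte pattern can also occur by chance in large binary members.
SWF_MAGIC = re.compile(rb"[FCZ]WS[\x01-\x40]")
MAX_MEMBER = 50 * 1024 * 1024  # do not decompress members larger than this


def scan_ooxml_for_flash(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) findings for an OOXML document given as bytes."""
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # legacy OLE .doc or not a document: out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER:
                findings.append((info.filename, "oversized member, not scanned"))
                continue
            blob = zf.read(info)
            if FLASH_CLSID in blob.upper():  # CLSID case varies between producers
                findings.append((info.filename, "Flash ActiveX CLSID"))
            if SWF_MAGIC.search(blob):
                findings.append((info.filename, "SWF header"))
    return findings


def build_sample(with_flash: bool) -> bytes:
    """Constructed test document; the 'SWF' is a harmless header stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document>decoy text</w:document>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>')
            zf.writestr("word/activeX/activeX1.bin",
                        b"\x00" * 16 + b"CWS\x20" + b"\x00" * 4)
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in (("clean.docx", build_sample(False)),
                      ("decoy.docx", build_sample(True))):
        print(name, scan_ooxml_for_flash(doc) or "no Flash content found")
```

A hit is a reason to quarantine and inspect the file, not proof of exploitation; legitimate documents rarely embed Flash, so the signal is useful even without a signature for this specific exploit.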