UPDATED 22:18 EST / DECEMBER 05 2018

Adobe releases update for serious Flash vulnerability that’s actively getting exploited

Adobe Systems Inc. today released an urgent update for Flash after the discovery of a serious security vulnerability that’s being used by a group against targets in Russia.

First detected by cybersecurity firm Gigamon, the vulnerability, dubbed CVE-2018-15982, allows for a maliciously crafted Flash object to execute code on a victim’s computer, enabling the attacker to gain command line access to the given system.

The attack using the vulnerability was first detected Nov. 29 and surprisingly was targeting a Russian state healthcare clinic. The distribution used a Russian language Microsoft Word document that was masquerading as an employment application. According to Gigamon, the document contains seven pages of personal questions that typically would be in an employment application.

As is usual with spear phishing campaigns, the Word document included malicious code: in this case, an embedded Flash ActiveX control in the header that renders when the document is opened and triggers exploitation of the Flash player within Office. “Following exploitation, a malicious command is executed that attempts to extract and execute an accompanying payload,” the Gigamon security researchers explained.
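For defenders triaging attachments, the delivery technique described above leaves a static trace: an Office document that declares a Flash ActiveX control. The following is an added example, not code from Gigamon, Adobe or the original article. It assumes the document is an OOXML (.docx) container, which the article does not specify, and the function names and sample documents are constructed for illustration.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control (ShockwaveFlash.ShockwaveFlash).
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
CLASSID_RE = re.compile(r'classid\s*=\s*"\{?([0-9A-Fa-f-]{36})\}?"')


def find_flash_activex(doc_bytes):
    """Return the OOXML parts that declare a Flash ActiveX control."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return hits  # not an OOXML container (e.g. legacy .doc); out of scope here
    with archive:
        for name in archive.namelist():
            lower = name.lower()
            # ActiveX declarations live in parts such as word/activeX/activeX1.xml
            if "/activex/" not in lower or not lower.endswith(".xml"):
                continue
            xml = archive.read(name).decode("utf-8", errors="replace")
            if any(c.upper() == FLASH_CLSID for c in CLASSID_RE.findall(xml)):
                hits.append(name)
    return sorted(hits)


def build_sample(clsid):
    """Constructed sample: a minimal zip with one ActiveX part and no Flash content."""
    ocx = ('<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
           'ax:classid="{%s}" ax:persistence="persistStorage"/>' % clsid)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/header1.xml", "<w:hdr/>")
        z.writestr("word/activeX/activeX1.xml", ocx)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: one declaring the Flash control, one with a made-up CLSID.
    samples = {
        "flash.docx": build_sample(FLASH_CLSID.lower()),
        "other.docx": build_sample("00000000-0000-0000-0000-000000000001"),
    }
    for label, data in samples.items():
        print(label, find_flash_activex(data) or "no Flash ActiveX control")
```

A hit only means the document embeds a Flash control; whether the embedded object is malicious still has to be established by analysing it in an isolated environment.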

The origin of the attack is unknown, though it did occur only days after Russian warships seized Ukrainian vessels in the Kerch Strait. Gigamon noted that the final payload in the attack is a variant of the Scout malware from notorious Italian spyware vendor Hacking Team.

Although the vulnerability so far has been detected only in Russia, the urgency of Adobe’s release of the patch highlights how serious it potentially is.

In a security bulletin, Adobe said the affected software is Adobe Flash Player for Windows, macOS, Linux and Chrome OS, and that the update involves one critical vulnerability in Adobe Flash Player and another in the Adobe Flash Player installer.

Modern browsers now mostly block Flash content from loading, but many computer users still have the software installed. This vulnerability is independent of browser usage, so it’s recommended that users make sure that their Flash installation is up to date, including this latest security patch.

Image: Thiemo Gillissen/Flickr
