June 10, 2018
Adobe has issued an emergency update that addresses an actively exploited zero-day vulnerability in Flash Player that is being used in targeted attacks on Windows users.
The vulnerability, tracked as CVE-2018-5002, is a stack-based buffer overflow that allows arbitrary code execution. The flaw has been rated critical.
Numerous phishing campaigns have been observed that use Office documents with embedded Flash Player content to download malware. Apart from opening the document, no additional user interaction is needed. The Flash Player content runs automatically and connects to the attackers' C2 infrastructure when the document is opened, leading to the download of the malicious program.
The phishing campaigns appear to be targeting businesses in Qatar. Doha, 360 Enterprise Security Group, ICEBRG, and Qihoo 360 have been credited with identifying the vulnerability, with the latter indicating that the vulnerability is being used in a nation-state-backed cyber-espionage campaign.
The flaw is present in Adobe Flash Player for Microsoft Edge and Internet Explorer, Adobe Flash Player for Google Chrome, and Adobe Flash Player Desktop Runtime. Users have been instructed to update to the latest version of Flash Player, 188.8.131.52, to fix the vulnerability.
A second critical flaw has been fixed in the latest release. CVE-2018-4945 is a type confusion vulnerability reported through Trend Micro’s Zero Day Initiative. This flaw also enables an attacker to execute arbitrary code.
Two more vulnerabilities have been fixed: CVE-2018-5000 is an integer overflow flaw and CVE-2018-5001 is an out-of-bounds read vulnerability, both of which have been rated important.
Users of Microsoft Edge/IE v11 and Google Chrome will have the fix downloaded automatically, although that does not appear to have happened at the time of posting. Users of macOS, Adobe Flash Player Desktop Runtime for Windows, and Linux will have to update to the latest version of Flash manually. Otherwise, Flash must be removed or disabled.
The update for Adobe Flash Player Desktop Runtime for Linux has been assigned a priority rating of 3; on all other platforms, the update has been assigned a priority rating of 1, the highest level.