Adobe has once again patched a serious flaw in the Flash Player that has been exploited in the wild. This critical zero-day Flash Player vulnerability could allow potential arbitrary codes execution. According to the researchers, active exploits of the flaw are already around where the hackers leverage Microsoft Office files to target victims.
Zero-Day Flash Player Vulnerability Actively Exploited
As disclosed recently, Adobe has patched critical zero-day Flash Player vulnerability. The vulnerability could allow an attacker to execute arbitrary commands. Several researchers reported this critical use after free vulnerability (CVE-2018-15982) to Adobe after which the firm patched the bug. However, Adobe confirmed the wild exploits of this vulnerability.
As elaborated by Gigamon ATR researchers in their blog post, the hackers leverage an MS Word document, purportedly named “22.docx”, to exploit the flaw. The document contains a maliciously crafted Flash object that executes upon reaching the victim’s computer. Regarding the kind of document, the researchers stated,
“The document was submitted to VirusTotal from a Ukranian IP address and contains a purported employment application for a Russian state healthcare clinic.”
Allegedly, the document contains a Flash active X control in the document header that exploits and executes a malicious command. This command, in turn, extracts and executes the final payload following the extraction of “scan042.jpg” having this payload. To escape possible reverse engineering and analysis, VMProtect safeguards this payload named “backup.exe” – an NVIDIA Control Panel.
The following gif shows how the exploit happens on a victim’s computer.
The final payload is what facilitates the attacker to take over victim’s computer. As stated by the researchers,
“Upon execution, the payload collects system information, establishes persistence, and communicates with a remote server via HTTP POST.”
Another Important Vulnerability Also Patched
Besides the critical vulnerability discussed above, Adobe also fixed an important security vulnerability in Flash Player. This Insecure Library Loading (DLL hijacking) vulnerability (CVE-2018-15983) could lead to privilege escalation.
Reportedly, both the vulnerabilities affected the Flash Player versions including and prior to 220.127.116.11 across all devices and operating systems. After the reports of the bugs, Adobe patched them in the version 18.104.22.168. Users must ensure updating their systems with the latest Flash Player version to stay protected from these exploits.