Adobe Patched Zero-Day Vulnerability




Adobe has recently issued a security update for Flash Player in order to fix a zero-day vulnerability that was exploited by attackers in the wild.

The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer over-flow bug that could empower discretionary code execution, was taken care of on the seventh of June.

The weakness was found and independently made public to a few security firms significantly including the ICEBRG, Tencent, and two security divisions from Chinese digital security mammoth Qihoo 360. Tracked as CVE-2018-5002, it effectively impacts Adobe Flash Player 29.0.0.171 and its earlier versions although it was reported to be settled with the timely release of Flash Player 30.0.0.113.

 “It allows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,” said the researchers from ICEBRG's Security Research Team, who were the first to report the discovered vulnerability.

The exploit utilizes a cautiously developed Microsoft Office report to download and execute an Adobe Flash exploit to the victims' PC, as per ICEBRG analysts. The documents were sent basically through email, as per Adobe.

Both ICEBRG and Qihoo 360 discovered evidence that proposed that the exploit was focusing on Qatari victims, in light of the geopolitical interests.

“The weaponized document … is an Arabic language themed document that purports to inform the target of employee salary adjustments,” ICEBRG researchers said. “Most of the job titles included in the document is diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.”

As indicated by Will Dormann of CERT/CC, other than fixing the actual imperfection, Adobe likewise included an extra dialog window that inquires the users as to whether they want to stack remote SWF records inside Office documents or not. The incite relief additionally comes to settle an issue with Office applications, where Flash content is in some cases downloaded consequently, without provoking the user ahead of time.




Category: / /

Share this with Your friends: