Monday, April 28, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityAdobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time...

Adobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time to Update

CVE/vulnerability

Published on

By Balaji
Adobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time to Update

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Adobe has released patches for critical zero-day vulnerabilities in Adobe Flash Player
29.0.0.171 and earlier versions. The updates released for Windows, macOS, Linux and Chrome OS.

The vulnerability, tracked as CVE-2018-5002 was reported by various security firms ICEBRG, Qihoo 360 and Tencent earlier this week. The arbitrary code execution vulnerability resides with the version of Adobe Flash Player 29.0.0.171 and it can be fixed with Adobe Flash Player 30.0.0.113.

Adobe Flash Zero-day Exploited By Attackers

Attackers exploit the vulnerability with a crafted Microsoft Office document “salary.xlsx” to download and execute the flash exploit to victim computers. The attack primarily targets the users and organizations in the middle east.

- Advertisement - Google News
Adobe Flash Zero-day

Attackers use to embed the flash file remotely to the Office documents through the ActiveX control and the exploit code is delivered by the remote server.

The attack starts by downloading and executing a remote Shockwave Flash (SWF) file and to evade detection in the SWF includes an RSA+AES cryptosystem.

Adobe Flash Zero-day

In the second stage of attack is to download and execute the shell file through the cryptosystem to gain control over the machine and to download additional tools.

Data transfer between the client and server protected by a customized cryptosystem “leveraging a symmetric cipher (AES), that protects the data payload and an asymmetric cipher (RSA) to protect the symmetric key.”

Also Read Adobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC : Its Time to Update

The domain for C&C servers registered by attackers mimicking a job search site in the Middle East [people[.]doha****.[]com] and the domain was registered on 2018-02-18.

Adobe fixed the Vulnerability CVE-2018-5002 along with other vulnerabilities CVE-2018-4945 (Arbitrary Code Execution), CVE-2018-5000 (Information Disclosure), CVE-2018-5001 (Information Disclosure), CVE-2018-5002 (Arbitrary Code Execution).

If you are flash users it is highly recommended to update with Adobe Flash Player 30.0.0.113 which includes a fix for all the vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cyber Security News

Windows 11 25H2 Expected to Launch with Minor Changes

Microsoft is quietly preparing the next update to its flagship operating system, Windows 11 25H2,...
CVE/vulnerability

China Claims U.S. Cyberattack Targeted Leading Encryption Company

China has accused U.S. intelligence agencies of carrying out a sophisticated cyberattack against one...
CVE/vulnerability

Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution

A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server...
cyber security

Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code

A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

China Claims U.S. Cyberattack Targeted Leading Encryption Company

China has accused U.S. intelligence agencies of carrying out a sophisticated cyberattack against one...
CVE/vulnerability

Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution

A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server...
CVE/vulnerability

React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values

The widely used React Router library, a critical navigation tool for React applications, has...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved