Tuesday, April 15, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityAdobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time...

Adobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time to Update

CVE/vulnerability

Published on

By Balaji
Adobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time to Update

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Adobe has released patches for critical zero-day vulnerabilities in Adobe Flash Player
29.0.0.171 and earlier versions. The updates released for Windows, macOS, Linux and Chrome OS.

The vulnerability, tracked as CVE-2018-5002 was reported by various security firms ICEBRG, Qihoo 360 and Tencent earlier this week. The arbitrary code execution vulnerability resides with the version of Adobe Flash Player 29.0.0.171 and it can be fixed with Adobe Flash Player 30.0.0.113.

Adobe Flash Zero-day Exploited By Attackers

Attackers exploit the vulnerability with a crafted Microsoft Office document “salary.xlsx” to download and execute the flash exploit to victim computers. The attack primarily targets the users and organizations in the middle east.

- Advertisement - Google News
Adobe Flash Zero-day

Attackers use to embed the flash file remotely to the Office documents through the ActiveX control and the exploit code is delivered by the remote server.

The attack starts by downloading and executing a remote Shockwave Flash (SWF) file and to evade detection in the SWF includes an RSA+AES cryptosystem.

Adobe Flash Zero-day

In the second stage of attack is to download and execute the shell file through the cryptosystem to gain control over the machine and to download additional tools.

Data transfer between the client and server protected by a customized cryptosystem “leveraging a symmetric cipher (AES), that protects the data payload and an asymmetric cipher (RSA) to protect the symmetric key.”

Also Read Adobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC : Its Time to Update

The domain for C&C servers registered by attackers mimicking a job search site in the Middle East [people[.]doha****.[]com] and the domain was registered on 2018-02-18.

Adobe fixed the Vulnerability CVE-2018-5002 along with other vulnerabilities CVE-2018-4945 (Arbitrary Code Execution), CVE-2018-5000 (Information Disclosure), CVE-2018-5001 (Information Disclosure), CVE-2018-5002 (Arbitrary Code Execution).

If you are flash users it is highly recommended to update with Adobe Flash Player 30.0.0.113 which includes a fix for all the vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISO

The Future of Authentication: Moving Beyond Passwords

Traditional passwords have been the cornerstone of digital security for six decades, but their...
CVE/vulnerability

CentreStack 0-Day Exploit Enables Remote Code Execution on Web Servers

A critical 0-day vulnerability has been disclosed in CentreStack, a popular enterprise cloud storage...
CVE/vulnerability

Over 100,000 WordPress Plugin Vulnerability Exploited Just 4 Hours After Disclosure

Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the...
Cyber Security News

Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs

A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

CentreStack 0-Day Exploit Enables Remote Code Execution on Web Servers

A critical 0-day vulnerability has been disclosed in CentreStack, a popular enterprise cloud storage...
CVE/vulnerability

Over 100,000 WordPress Plugin Vulnerability Exploited Just 4 Hours After Disclosure

Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the...
CVE/vulnerability

Apache Roller Vulnerability Allows Hackers to Bypass Access Controls

A newly disclosed vulnerability in Apache Roller, the popular open-source blog server, could allow...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved