Saturday, February 8, 2025
HomeCVE/vulnerabilityAdobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time...

Adobe Issues Patch for Critical Flash Player Zero-day Vulnerability : Its Time to Update

Published on

SIEM as a Service

Follow Us on Google News

Adobe has released patches for critical zero-day vulnerabilities in Adobe Flash Player
29.0.0.171 and earlier versions. The updates released for Windows, macOS, Linux and Chrome OS.

The vulnerability, tracked as CVE-2018-5002 was reported by various security firms ICEBRG, Qihoo 360 and Tencent earlier this week. The arbitrary code execution vulnerability resides with the version of Adobe Flash Player 29.0.0.171 and it can be fixed with Adobe Flash Player 30.0.0.113.

Adobe Flash Zero-day Exploited By Attackers

Attackers exploit the vulnerability with a crafted Microsoft Office document “salary.xlsx” to download and execute the flash exploit to victim computers. The attack primarily targets the users and organizations in the middle east.

Adobe Flash Zero-day

Attackers use to embed the flash file remotely to the Office documents through the ActiveX control and the exploit code is delivered by the remote server.

The attack starts by downloading and executing a remote Shockwave Flash (SWF) file and to evade detection in the SWF includes an RSA+AES cryptosystem.

Adobe Flash Zero-day

In the second stage of attack is to download and execute the shell file through the cryptosystem to gain control over the machine and to download additional tools.

Data transfer between the client and server protected by a customized cryptosystem “leveraging a symmetric cipher (AES), that protects the data payload and an asymmetric cipher (RSA) to protect the symmetric key.”

Also Read Adobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC : Its Time to Update

The domain for C&C servers registered by attackers mimicking a job search site in the Middle East [people[.]doha****.[]com] and the domain was registered on 2018-02-18.

Adobe fixed the Vulnerability CVE-2018-5002 along with other vulnerabilities CVE-2018-4945 (Arbitrary Code Execution), CVE-2018-5000 (Information Disclosure), CVE-2018-5001 (Information Disclosure), CVE-2018-5002 (Arbitrary Code Execution).

If you are flash users it is highly recommended to update with Adobe Flash Player 30.0.0.113 which includes a fix for all the vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Microsoft Sysinternals 0-Day Vulnerability Enables DLL Injection Attacks on Windows

A critical zero-day vulnerability has been discovered in Microsoft Sysinternals tools, posing a serious security threat...

7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability...

Logsign Vulnerability Allows Remote Attackers to Bypass Authentication

A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps...