07 December 2018

Security Update for Adobe Flash Player

Trouble strikes again as Adobe patches security vulnerabilities in Flash Player, including a zero-day vulnerability that has been spotted being exploited in the wild.

Adobe has released an ‘out-of-band emergency update’, after a defect was exposed by Chenming Xu and Ed Miles of Gigamon Applied Threat Research and Qihoo 360 Core Security. They discovered a phishing campaign exploiting CVE-2018-15982 , a use-after-free flaw permitting arbitrary code execution on a victim’s computer.

According to researchers the document was submitted to VirusTotal from a Ukrainian IP address, portraying a 7-page employment application for a Russian state healthcare clinic. Following further investigation, it was found that the Flash defect was condensed inside of the document and works on both 32-bit and 64-bit systems.

 Once the vulnerability was triggered, another payload was downloaded and run: an encrypted backdoor disguised as an NVIDIA control panel application, digitally signed with a valid certificate (that has since been revoked). Its capabilities include, monitoring user activity (mouse moves, typing on keyboard), collecting machine information and sending it to a C&C, executing shellcode, establishing persistence and downloading file execution code. It is also protected with VMProtect, a mechanism meant to block efforts at reverse engineering and analysis.

What Steps Should I Take?

Adobe has released a batch of security updates for Windows, macOS, Linux and Chrome OS, advising users to update and test their systems as soon as possible. This incorporates, the Flash Player app, Google Chrome, Microsoft Internet Explorer and Edge, due to the fact flash player is used within each of these applications.

The updates address a significant vulnerability in both the Adobe Flash Player and the Adobe Flash Installer. Those affected by this attack can update to version 32.0.0.101 and 31.0.0.122, for users of Adobe Flash Player.