Patch Issued for Critical Adobe Flash Vulnerability

Adobe has released a security update for a critical vulnerability in its Flash Player software. The vulnerability is being actively exploited in targeted attacks against Windows users. The Adobe Flash Player zero-day attacks have primarily targeted users in the Middle East using a specially crafted Excel spreadsheet.

The stack-based buffer overflow vulnerability, tracked as CVE-2018-5002[1], impacts Adobe Flash Player 29.0.0.171 and earlier versions on Windows, MacOS, and Linux, as well as Adobe Flash Player for Google Chrome. It can be exploited to achieve arbitrary code execution on targeted systems.

Adobe has released an advisory via: https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

The vulnerability resides in the Flash Player interpreter code that handles static-init methods, which does not correctly handle exceptions for try/catch statements.

Prevention and Mitigation Strategies

Adobe has released the patch for the vulnerability.  Our customers are urged to apply the patch as soon as possible.
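
To prioritise patching, the affected range stated above (29.0.0.171 and earlier) can be checked against a software inventory. The following is an added example, not part of the original report or Adobe's advisory; the CSV layout, host names and sample versions are constructed for illustration. Versions are compared numerically because a plain string comparison would rank 29.0.0.99 above 29.0.0.171 and miss an affected host.

```python
import csv
import io

# Last affected release named in the report above.
LAST_AFFECTED = "29.0.0.171"

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,platform,flash_version
ws-001,Windows,29.0.0.171
ws-002,Windows,29.0.0.99
mac-003,MacOS,30.0.0.113
lnx-004,Linux,28.0.0.161
ws-005,Windows,
ws-006,Windows,29.0.0.171-beta
"""


def parse_version(text):
    """Turn '29.0.0.171' into (29, 0, 0, 171); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(inventory_csv, last_affected=LAST_AFFECTED):
    """Return (vulnerable, newer, unknown) lists of host names."""
    limit = parse_version(last_affected)
    vulnerable, newer, unknown = [], [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            version = parse_version(row.get("flash_version") or "")
        except ValueError:
            # Empty or malformed version: needs a manual check, never assume safe.
            unknown.append(row["host"])
            continue
        # Tuple comparison is numeric per component, unlike string comparison.
        (vulnerable if version <= limit else newer).append(row["host"])
    return vulnerable, newer, unknown


if __name__ == "__main__":
    vuln, newer, unknown = triage(SAMPLE_INVENTORY)
    print("Patch first:", ", ".join(vuln))
    print("Newer than affected range:", ", ".join(newer))
    print("Verify manually:", ", ".join(unknown))
```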

For questions or comments regarding this report, please contact Global Guardian through Wapack Labs at 603-606-1246, or feedback@wapacklabs.com

 

[1] https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
