In the past couple of years, Adobe’s Flash Player has been identified as one of the most vulnerable pieces of software out there. Because of its popularity, the software was used by a plethora of services, making them highly vulnerable to hacks as well. It was for this reason that companies started to move away from Flash to other technologies. However, for those of you who still use apps that rely on Adobe’s insecure technology, we have some more bad news.
South Korea’s CERT has discovered a zero-day vulnerability in Adobe’s Flash Player that could allow Remote Code Execution (RCE) on various platforms. What makes it worse is that the flaw is already being exploited against Windows users, although on a limited scale.
The exploit is carried out by embedding a Flash SWF file in a Microsoft Excel document. Once you open the document, the Flash object downloads the ROKRAT payload from malicious websites. The payload is a RAT (Remote Administration Tool) that is used in cloud platforms to procure documents. Once it is downloaded, the attack loads it into memory and executes it.
In its official support forum, Adobe has acknowledged the issue and said that the vulnerability (CVE-2018-4878) “exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”
As of now, it is still unclear how many people have fallen victim to the latest exploit. However, in a security advisory, Adobe has warned that the vulnerability, if exploited fully, can potentially allow an attacker to take control of a system completely. The platforms affected by the new zero-day bug include Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, and Internet Explorer 11 across Windows, Macintosh, Linux, and Chrome OS.
Adobe has announced that it will address the vulnerability in a release planned for the week of February 5. Furthermore, it has asked users to monitor the Adobe Product Security Incident Response Team for any updates. It is recommended that system administrators use Protected View for Office, and change Flash Player’s behavior on Internet Explorer on Windows 7 and below so that it warns the user before playing an SWF file.
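
A defender-side check for the delivery method described above, as an added example that is not from Adobe or the original article: it flags Office documents that host Flash content so they can be quarantined before anyone opens them. The Shockwave Flash ActiveX CLSID, the SWF magic bytes and all function names are assumptions not taken from the article, and the sample document is constructed.

```python
import io
import re
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control (assumption: not stated in the article).
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
CLSID_TEXT = str(FLASH_CLSID).encode()   # lowercase text form, as in OOXML activeX parts
CLSID_BIN = FLASH_CLSID.bytes_le         # binary GUID layout, as in legacy OLE2 files
# SWF header: FWS (raw), CWS (zlib) or ZWS (LZMA) plus a version byte.
# Heuristic only: four bytes can also occur by chance in large binary parts.
SWF_HEADER = re.compile(rb"[FCZ]WS[\x01-\x32]")


def scan_blob(name, data):
    """Return (part name, reason) findings for one byte string."""
    findings = []
    if CLSID_TEXT in data.lower():
        findings.append((name, "Flash ActiveX CLSID (text)"))
    if CLSID_BIN in data:
        findings.append((name, "Flash ActiveX CLSID (binary)"))
    if SWF_HEADER.search(data):
        findings.append((name, "SWF header"))
    return findings


def scan_office_document(data):
    """Scan every part of an OOXML (zip) file, or the raw bytes of a legacy file."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return scan_blob("<file>", data)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            findings += scan_blob(info.filename, zf.read(info))
    return findings


def build_sample(with_flash):
    """Constructed sample: a minimal zip shaped like an .xlsx (no real SWF inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            zf.writestr("xl/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>')
            zf.writestr("xl/activeX/activeX1.bin", b"\x00" * 8 + b"CWS\x1c" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_office_document(build_sample(True)):
        print(finding)
```

A hit means the document hosts Flash, not that it is malicious; treat it as a reason to hold the attachment for analysis.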