Adobe Flash Vulnerability Can Lead to Code Execution and Asset Takeover (CVE-2018-15982)
Adobe has issued an out-of-band advisory for CVE-2018-15982. Through the use of a maliciously crafted RAR file, an attacker exploiting this vulnerability can take over the machine of users that run it.
Hintergrund
Adobe has released an out-of-band security bulletin. that includes patches for CVE-2018-15982, a critical arbitrary code execution vulnerability in Adobe Flash which has been used to allegedly attack Polyclinic No. 2, which is affiliated with the Presidential Administration of Russia. Users are encouraged to update all applications that incorporate Flash.
Analyse
The attack requires a user to open and run a malicious file that takes advantage of a dangling pointer, allowing the attacker to insert their code into the target’s memory, which Flash then executes. As with most code execution vulnerabilities, this vulnerability establishes a backdoor or similar foothold on the target.
In spear phishing campaigns, attacks are often designed to appear as legitimate emails, documents or tools, such as a Chrome extension that the organization often uses. In this case, attackers created a fake employee survey document that users understandably believed they needed to complete.
Quelle: 360 Core Security
Proof-of-Concept
360 Core Security, one of the groups credited by Adobe with discovering this vulnerability, has an excellent technical write-up on how this attack works, and specifically how it was allegedly used against the Polyclinic site.
Once the payload is delivered, it disguises itself as an Nvidia driver application to further obfuscate infection.
Quelle: 360 Core Security
Lösung
Adobe’s advisory provides the following information on updating Flash:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, macOS and Linux update to Adobe Flash Player 32.0.0.101 via the update mechanism within the product* or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 32.0.0.101 for Windows, macOS, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 32.0.0.101.
*Note: Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
Identifizieren betroffener Systeme
A list of Nessus plugins to identify this vulnerability will appear here as they’re released.
Weitere Informationen
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Verwandte Artikel
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Vulnerability Management