Alert: Adobe Flash Zero-Day RCE Vulnerability (CVE-2018-4878)


A new critical Adobe Flash Player zero-day vulnerability has been reported in the wild. The vulnerability, identified as CVE-2018-4878, is believed to be actively exploited against South Koreans. According to the South Korean Computer Emergency Response Team, which discovered the zero-day, the exploit is believed to be a Flash SWF file embedded in MS Word documents. An attacker only needs to convince a user to open a Microsoft Office document, web page, or spam mail containing the Flash file to take complete control of the underlying system, which makes this a remote code execution (RCE) vulnerability. A vulnerability management tool can detect this vulnerability.

By using a patch management solution, we can remediate this vulnerability.

Adobe has released an advisory (APSA18-01) acknowledging the existence of this critical RCE vulnerability CVE-2018-4878. According to Adobe,

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5.


Adobe Flash Player versions affected by the RCE vulnerability:

  • Flash Player versions 28.0.0.137 and earlier for Windows, Macintosh, and Linux.
  • Flash Player version 28.0.0.137 and earlier for Adobe Flash Player for Google Chrome.
  • Flash Player version 28.0.0.137 and earlier for Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.1.
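
An added example, not from the original post or from Adobe or SecPod: a Python triage of a software inventory against the 28.0.0.137 cutoff listed above. The host names and version strings are constructed, and the accepted input formats (dotted, comma-separated, and a three-letter platform prefix such as `WIN`) are assumptions about how an inventory tool reports the version.

```python
import re

# Highest affected build per the list above: 28.0.0.137 and earlier.
LAST_AFFECTED = (28, 0, 0, 137)

# Assumed input formats: "28.0.0.137", "28,0,0,137", "WIN 28,0,0,137".
_VERSION_RE = re.compile(r"^(?:[A-Z]{3}\s+)?(\d+)[.,](\d+)[.,](\d+)[.,](\d+)$")


def parse_flash_version(raw):
    """Return a 4-tuple of ints, or None if the string is not a version."""
    m = _VERSION_RE.match(raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Map one inventory value to absent / affected / not-listed / unknown."""
    if raw is None or not raw.strip():
        return "absent"        # Flash not installed: nothing to remediate
    version = parse_flash_version(raw)
    if version is None:
        return "unknown"       # never treat an unparseable value as safe
    # Numeric tuple comparison, so 9.x sorts below 28.x (string compare would not).
    return "affected" if version <= LAST_AFFECTED else "not-listed"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> reported version."""
    report = {"absent": [], "affected": [], "not-listed": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        report[classify(raw)].append(host)
    return report


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "ws-001": "28.0.0.137",
    "ws-002": "WIN 28,0,0,100",
    "ws-003": "28.0.0.200",
    "ws-004": "",
    "ws-005": "27.0.0.50",
    "ws-006": "installed (version n/a)",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group need a manual check; `not-listed` only means the reported build is above the cutoff named in this post.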

Recommendation:

Until Adobe releases a security patch for the vulnerability, employ the following temporary recommendations:

  • Implement Protected View for Office. Protected View opens a file marked as potentially unsafe in read-only mode.
  • Change Flash Player’s behavior prompting the user before playing SWF content.
  • Remove Adobe Flash Player if not required.
  • Do not open unknown email attachments, links, Office documents, etc.
  • Do not download anything from unknown sources or sites.
  • Always use the latest updates of antivirus programs, and enable real-time monitoring.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates (as soon as patches are available). Download SanerNow and keep your systems updated and secure.


This Post Has One Comment

  1. nick jonas

    Yes, Adobe has a vulnerability whose patch was not made quickly; as a result, it was exploited and the loophole was known to many. Now they have resolved the loopholes.
