Adobe releases patch for Zero-Day vulnerability in Flash Player

Buzz

Today, Adobe has just released a patch for the Zero-Day vulnerability in Flash Player. Previously, security firms such as ICEBRG, Tencent, and the Chinese online security company Qihoo 360 discovered and reported this vulnerability.

This critical vulnerability is identified as CVE-2018-5002, impacting Adobe Flash Player 29.0.0.171 and older versions. Recently, Adobe has also released version Flash Player 30.0.0.113 to patch this security flaw.

Adobe issues a fix for Zero-Day vulnerability in Flash Player

Zero-day Vulnerability Exploited through Office Files

According to the Chinese online security company Qihoo 360, attackers are leveraging a zero-day vulnerability in Flash Player to target entities in the Middle East. Experts believe the perpetrators behind these attacks are a state-sponsored cyber espionage group.

In a detailed post about the zero-day vulnerability by Qihoo 360, experts stated: 'We suspect the targeted area of the attacker is Doha, Qatar.'

Experts indicate that hackers are using Office files to exploit the Flash zero-day vulnerability. The attacker sends Office files to victims to download malicious SWF files from remote servers and execute them within the Office document.

Malicious files exploit CVE-2018-5002 to execute code on the user's computer, then infect the victim's computer with other malware.

ICEBRG indicates that the vulnerabilities are triggered when users open documents. Detecting these zero-day attacks is very difficult because the attack documents do not contain any malicious code; all malware is downloaded in the second stage.

Zero-day attacks are prepared within a 3-month timeframe

Experts at Qihoo 360 also emphasize: 'Attackers deploy these plans on cloud services and spend at least 3 months preparing for the attack. Detailed content of phishing attacks is also adjusted according to the target.' 'All recent clues indicate that this is a typical APT attack.'

According to Will Dormann of CERT/CC, in addition to patching actual vulnerabilities, Adobe also adds a dialog box asking users if they want to download SWF files within Office documents.

The latest Adobe Flash Player update is now available for users. To download the new Adobe Flash Player, visit this link.

Download Adobe Flash Player and install it here: Get the Flash Player

In addition to patching CVE-2018-5002, the new Adobe Flash update also includes fixes for 3 other security vulnerabilities.

This marks the second zero-day vulnerability patch for Flash Player discovered this year. Back in January, hackers in North Korea deployed the first zero-day Flash vulnerability (CVE-2018-4878), targeting South Korea.

With just a few days left until the start of the 2018 World Cup in Russia, Google has expanded its search functionality, making it easier for internet users to look up team schedules. This is incredibly convenient for users to track the 2018 World Cup schedule.

The content is developed by the Mytour team with the aim of customer care and solely to inspire travel experiences. We do not take responsibility for or provide advice for other purposes.

If you find this article inappropriate or containing errors, please contact us via email at [email protected]

Frequently Asked Questions

What is the Zero-Day vulnerability recently patched by Adobe for Flash Player?

The recently patched Zero-Day vulnerability, identified as CVE-2018-5002, affects Adobe Flash Player versions 29.0.0.171 and older. This vulnerability could allow attackers to execute malicious code on users' computers by exploiting Office files.

How are attackers exploiting the Flash Player vulnerability through Office files?

Yes, attackers exploit the Flash Player vulnerability by sending malicious Office files to victims. When opened, these files can download harmful SWF files from remote servers and execute them, leading to malware infections.

What additional vulnerabilities does the latest Adobe Flash Player update address?

In addition to patching CVE-2018-5002, the latest Adobe Flash Player update includes fixes for three other security vulnerabilities, enhancing the overall security of the software for users.

What actions are recommended for users regarding the new Adobe Flash Player update?

Users are advised to download and install the latest version of Adobe Flash Player to protect against the patched vulnerabilities. The update is now available and can be downloaded from Adobe's official website.

What is the significance of state-sponsored cyber espionage related to this vulnerability?

The involvement of a state-sponsored cyber espionage group highlights the severity of the Zero-Day vulnerability. Experts believe these attackers are targeting specific entities, particularly in the Middle East, which raises concerns about national security and data protection.