Home > Cyber News > CVE-2018-15982: Adobe Flash Player Critical Flaw Detected, Patch Now!
CYBER NEWS

CVE-2018-15982: Adobe Flash Player Critical Flaw Detected, Patch Now!

by   |  Last Update:  |  0 Comments  

The Adobe Flash Player has been found to contain a critical security bug along with another high-impact vulnerability. The issues are being tracked in the CVE-2018-15982 and attacks using these weaknesses have already been reported. All users using the Flash Player should update their installations as soon as possible to avoid being hacked.




Adobe Flash Player Critical Flaw and Vulnerabilities Tracked in CVE-2018-15982

This month has brought news of a new set of Adobe Flash Player vulnerabilities. They are tracked in the CVE-2018-15982 advisory, the worrying fact is that exploits using them have already been reported. The critical bug is described as an arbitrary code execution possibility. This means that using the Flash Player hackers can execute malicious code on the target computers. The critical rating assigned to it is due to the fact that Adobe has received reports of abuse. Security reports indicate that an unknown malicious actor is leveraging it against a healthcare organization which is associated with the Russian presidential administration. The flaw is found within all popular platforms: Microsoft Windows, macOS, Linux and Chrome OS. The necessary patches have already been released.

The CVE-2018-15983 advisory tracks the other vulnerability which is categorized as privilege escalation. Its severity rating is “important” which enables the Flash player to gain unauthorized entry to the system via the increased access.

The limited information which we have available shows that the malicious hackers are using infected documents, particularly Microsoft Word ones. They are packed inside a RAR archive along with a JPG photo. As soon as the archives are opened upon launching of the Microsoft Word document the built-in Flash scripts will extract a malware payload from the photo. This tactic is being maintained in order to avoid detection by most security software that directly scan for executable malware files. This approach also shows that advanced phishing tactics have been used in spreading the payload carriers. It is very possible that this attack scenario is based on research and careful planning.

For more information on the bugs check the associated Adobe Security Bulletin page. The company recommends that all users patch their systems as soon as possible to prevent any abuse.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. New Kit on the Block: Spelevo EK (CVE-2018-15982) There’s a new exploit kit in town, and it’s called...
  3. CVE-2018-4878 Flash Player Flaw: What You Need to Know Adobe Flash Player has been long targeted by hackers. Plenty...
  4. Cisco Bugs CVE-2018-0151, CVE-2018-171, CVE-2018-015. Patch Now! Three critical vulnerabilities have found in Cisco products. More specifically,...
  5. July 2018 Patch Tuesday Fixes CVE-2018-8281, Microsoft Office Bugs Another set of patches has been rolled by Microsoft in...
  6. CVE-2018-8414, CVE-2018-8373 Fixed in August 2018 Patch Tuesday Microsoft has released their latest wave of updates in the...
  7. CVE-2014-8439 Patched. Emergency Adobe Flash Player Update Issued On Tuesday Adobe issued an emergency patch in order to...
  8. Adobe Fixes Several Critical Vulnerabilities in Photoshop, Bridge Adobe recently released patches addressing four critical vulnerabilities in Adobe...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree