(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild


Reefa

https://thehackernews.com/2018/02/flash-zero-day-exploit.html

 


Adobe Flash 0-Day Vulnerability APSA18-01

 

Adobe released the security advisory APSA18-01 for Flash Player that confirms a critical security vulnerability in Flash Player 28.0.0.137 and earlier.

Flash Player 28.0.0.137 is the most recent version of the program which means that all installed versions of Flash are affected by it.

Affected products:

  • Adobe Flash Player Desktop Runtime on Windows, Linux and Mac platforms.
  • Adobe Flash Player for Google Chrome on Windows, Mac, Linux and Chrome OS platforms.
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 8.1 and 10.

Adobe plans to release an update for Flash Player in the coming week that patches the security issues. The company confirmed in the advisory that the vulnerability is exploited in the wild, and that it is aware of attacks against Windows users that use Office documents with embedded Flash content that is malicious and distributed via email.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe suggests that administrators enable Protected View to open documents in read-only mode. This is done with a click on File > Options, and the enabling of Protected View options under Trust > Trust Center Settings > Protected View.

 


 

This mitigates the current attack type but it may not protect systems against other attacks that exploit the vulnerability.

It is recommended to uninstall Adobe Flash in the meantime, disable it, or at the very least set it to "click to play".

Günter Born's article on disabling the native Adobe Flash implementation offers instructions on how to do that. I don't want to quote the full article, but here are the basics.

Internet Explorer

Windows admins may use the following two Registry files to disable or enable the native Flash implementation on Windows in Microsoft Internet Explorer.

To disable Flash

Windows Registry Editor Version 5.00

; Block Flash Player in Internet Explorer: 0x400 is the ActiveX kill bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400

To enable Flash

Windows Registry Editor Version 5.00
; Unblock Flash Player in Windows 8, 8.1, 10
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

We have uploaded the Registry file to our own server for your convenience: BlockFlash-Internet-Explorer.zip

Group Policy

 


 

You can deactivate Adobe Flash using the Group Policy as well if you administrate PCs with professional editions of Windows:

  1. Tap on the Windows-key, type gpedit.msc and hit the Enter-key. This opens the Group Policy Editor.
  2. Use the hierarchy on the left to go to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management
  3. Double-click on "Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects" to open the policy.
  4. Set it to enabled, and click on ok.

Microsoft Edge

The Internet Explorer changes don't affect Microsoft Edge. You can disable Adobe Flash in Microsoft Edge directly or through policies.

 

Settings

 

To disable Adobe Flash in Microsoft Edge using the browser's settings, do the following:

  1. Open Microsoft Edge.
  2. Select Menu > Settings.
  3. Scroll down and click on "show advanced settings".
  4. Locate "Use Adobe Flash Player" and flip the preference to off.

Group Policy

 


  1. Tap on the Windows-key, type gpedit.msc and hit the Enter-key. This opens the Group Policy Editor.
  2. Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Edge.
  3. Double-click on "Allow Adobe Flash".
  4. Set the policy to disabled, and click on ok.

Ghacks.net
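
A read-only audit of the mitigations described in the post above, added here as an example and not part of the Ghacks article or of Adobe's advisory: it reports whether the ActiveX kill bit from the .reg file and the two Group Policy settings are actually in place on a machine. The policy registry paths and value names (DisableFlashInIE, FlashPlayerEnabled) are not on the page; they are assumptions about what those two policies write, so confirm them against your ADMX templates.

```powershell
# Added audit example; reads the registry only and changes nothing.
# Run from 64-bit PowerShell so the Wow6432Node path is not redirected.
$clsid   = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'  # Flash ActiveX CLSID from the .reg file
$killBit = 0x400                                      # "Compatibility Flags" value the .reg file sets

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$checks = @()

# 1. Kill bit in the native and the 32-bit (Wow6432Node) registry views.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
    $path  = "$root\Internet Explorer\ActiveX Compatibility\$clsid"
    $flags = Get-RegValue -Path $path -Name 'Compatibility Flags'
    $checks += [pscustomobject]@{
        Control = 'IE kill bit'
        Path    = $path
        Value   = if ($null -eq $flags) { '<not set>' } else { '0x{0:X}' -f $flags }
        Blocked = ($null -ne $flags) -and (($flags -band $killBit) -eq $killBit)
    }
}

# 2. Group Policy values (names are assumptions, not taken from the page).
$policies = @(
    @{ Control = 'IE policy';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer';    Name = 'DisableFlashInIE';   Want = 1 },
    @{ Control = 'Edge policy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Addons'; Name = 'FlashPlayerEnabled'; Want = 0 }
)
foreach ($p in $policies) {
    $v = Get-RegValue -Path $p.Path -Name $p.Name
    $checks += [pscustomobject]@{
        Control = $p.Control
        Path    = "$($p.Path)\$($p.Name)"
        Value   = if ($null -eq $v) { '<not set>' } else { $v }
        Blocked = ($null -ne $v) -and ($v -eq $p.Want)
    }
}

# IE counts as covered by the policy, or by the kill bit in both views.
$killBits = @($checks | Where-Object Control -eq 'IE kill bit')
$ieOk   = [bool]($checks | Where-Object Control -eq 'IE policy').Blocked -or ($killBits.Blocked -notcontains $false)
$edgeOk = [bool]($checks | Where-Object Control -eq 'Edge policy').Blocked

$checks | Format-Table Control, Value, Blocked, Path -AutoSize -Wrap
"Internet Explorer blocked: $ieOk    Edge blocked by policy: $edgeOk"
```

The per-user Edge toggle under "show advanced settings" is not covered by this check; only the machine-wide policy is.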



It's surprising that Flash Player is still used by some sites, when its vulnerability and need for weekly patches is long known, and there are far better alternatives. Fortunately, you no longer need it for YouTube. And in fact, my Opera doesn't even have it installed and works fine in all but a few rare exceptions. When one of these exceptions asks me to install Flash, I just move on.



This post kind of stretched the truth a little. Here was an updated post from February 6, 2018, by the Adobe Product Security Incident Response Team (PSIRT):

Quote

 

A Security Bulletin (APSB18-03) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could lead to remote code execution, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

 

http://blogs.adobe.com/psirt/?p=1522

It never was a threat on Linux. Malware made for Windows won't run in Linux, and they were spreading it like they do ransomware, through Office docs and emails. Someone could have made malware for Linux and executed it like this, but this targeted SK Windows users who spied on NK, and it's been patched on all platforms by now. :lol:

Quote


Cisco researchers call the malware ROKRAT, and it allows attackers to fiddle with the compromised system remotely.

“One of the ROKRAT samples identified used a naming reference to Hancom Secure AnySign. It is a reference to a legitimate application developed by Hancom Secure for PKI & authentication mechanisms. It is a software application used to protect user data and is massively used in South Korea,” they explained.

“This payload is a shellcode loaded in memory and executed. We identified Flash exploits from November 2017.”

 

https://www.helpnetsecurity.com/2018/02/05/flash-zero-day-currently-exploited-wild/

 

 

ROKRAT Reloaded

https://vulners.com/talosblog/TALOSBLOG:52B6D17B9E11E344D5E57299287AAE60

The dropper requires a cmd.exe process and the malware attacks the Windows registry.

 

They found it using the Twitter API, Mediafire and Yandex before as well.

http://blog.talosintelligence.com/2017/04/introducing-rokrat.html

 

 

 

 
