Security firm Icebrg on Thursday announced that a zero-day vulnerability has led to exploitation in Adobe Flash specifically targeted towards users in the Middle East. The vulnerability (CVE-2018-5002) enables attackers to execute certain actions by executing code on the victims’ computers. As per the blog post, the exploit uses a Microsoft Office document for the attack. To circumvent the fact that Adobe Flash is blocked on most browsers, the exploit involves loading Flash Player from within Microsoft Office. The flaw was reported by Icebrg in collaboration with Qihoo 360 Core Security.
“While this attack leveraged a zero-day exploit, individual attacker actions do not happen in isolation. There are several other behavioural aspects that can be used for detection. Any single observable might be low confidence but multiple observables clustered might be indicative of suspicious or malicious activity,” said Icebrg staff in its blog post.
Of course, this is not the first instance wherein Flash Player’s vulnerabilities have been exploited. Back in October last year, the company had issued a security patch to fix a critical leak.
Users have been strongly recommended to update Adobe Flash in order to avoid any such vulnerabilities seeping into your machines. The update, however, is not a guarantee towards protection against future discrepancies. It is thus advised to enable flash on only a secondary browser that is not used majorly on the computer.
Related Articles
Like what you read? Follow us on Facebook, Follow us on Twitter, Follow us on Instagram and Subscribe via FeedBurner.
Subscribe Via Email:
The post Windows Users Hit by Adobe Flash Player Vulnerability, Patch Issued appeared first on News Doses.