Identified as CVE-2018-15982, this vulnerability is being found in Adobe Flash Player version 31.0.0.153 as well as older products such as Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 31.0.0.108 and earlier have also been named. It is recognized as a use-after-free flaw being exploited in the wild and if it exploits Flash Player successfully, arbitrary code can be executed and allow the attacker to gain full control of the system. Researchers discovered the exploit last week in Microsoft Office documents which posed as employment applications for Russian healthcare clinics and contained the planted Flash Active X in the header. When the user opened it, Flash player was exploited. Despite discovering this, neither the Office file or the Flash exploit contained the system take over. Instead, the final payload is an image file (scan042.jpg) which has been placed inside a WinRAR archive to be used in certain attacks such as spear-phishing emails amongst other methods. Updated version 32.0.0.101 has been released to patch all of the affected models.
Analyst Notes
When programs like Flash Player are targeted and exploited, users are advised to update as soon as the patch is released. Since this specific exploit is believed to be targeting a certain group or country it is not as great of a concern, but users should still be cautious and make the switch to the most up-to-date version.
