Identified as CVE-2018-15982, this vulnerability is being found in Adobe Flash Player version 184.108.40.206 as well as older products such as Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 220.127.116.11 and earlier have also been named. It is recognized as a use-after-free flaw being exploited in the wild and if it exploits Flash Player successfully, arbitrary code can be executed and allow the attacker to gain full control of the system. Researchers discovered the exploit last week in Microsoft Office documents which posed as employment applications for Russian healthcare clinics and contained the planted Flash Active X in the header. When the user opened it, Flash player was exploited. Despite discovering this, neither the Office file or the Flash exploit contained the system take over. Instead, the final payload is an image file (scan042.jpg) which has been placed inside a WinRAR archive to be used in certain attacks such as spear-phishing emails amongst other methods. Updated version 18.104.22.168 has been released to patch all of the affected models.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security