
A just-fixed cross-platform Zero Day in Flash Player could have allowed attackers to execute arbitrary code, officials said.

The security issue tracked as CVE-2018-15982 is present in Flash Player and earlier versions installed on computers running Windows, macOS, and Linux.


There are already reports of an exploit for CVE-2018-15982 existing within maliciously crafted Microsoft Office documents containing the Zero Day code, said officials at Adobe, which created Flash Player.

The exploit has been observed in the form of a Flash ActiveX object which would drop a backdoor Trojan capable of running on 32-bit and 64-bit architectures.


Qihoo 360 Core Security, Gigamon Applied Threat Research, and 360 Threat Intelligence were the first to discover the exploit and report the issue to Adobe’s Product Security Incident Response Team (PSIRT).

In addition, Adobe patched a remotely exploitable privilege escalation bug tracked as CVE-2018-15983 which could make it possible for a potential attacker to compromise vulnerable systems.

The privilege escalation issue resides in the insecure manner in which Flash Player loads DLL libraries, which would allow an attacker to use a maliciously crafted DLL file to execute arbitrary code on the compromised machine in the context of the current user.

All users of the Adobe Flash Player Desktop Runtime for Windows, macOS, and Linux are recommended to update to the patched version.
