Adobe has an update for Flash Player, patching a Zero Day attackers are already jumping on.
Attacks against CVE-2018-5002 are “limited, targeted attacks against Windows users,” but updates (v18.104.22.168 for all platforms) are available for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.
It is a stack-based buffer overflow vulnerability independently discovered by researchers at Qihoo 360, ICEBRG and Tencent.
This attack mainly targets the Middle East, said researchers at Qihoo 360 in a post.
The file that delivers the exploit is named ***salary.xls. The file’s content is consistent with the title, is in Arabic (it is believed that the targets are in Qatar) and shows salaries for various time periods.
The attack loads Adobe Flash Player from within Microsoft Office, which is a popular approach to Flash exploitation since Flash is disabled in many browsers, researchers said.
Attackers typically embed a Flash file within a document, which may contain the entire exploit, or may stage the attack to download exploits and payloads more selectively.
Once the document opens, the exploit code and malicious payload end up delivered from remote servers.
The update also contains updates for Flash for three more issues.
Users who have selected the option to “Allow Adobe to install updates” will receive the update automatically.