Spam Campaign Targeting New Flash Vulnerability [CVE-2018-4878]
A malicious spam campaign is targeting an Adobe Flash vulnerability. CVE-2018-4878 is a use-after-free vulnerability in the Adobe Primetime software development kit (SDK) that, if exploited, may allow a remote, unauthenticated attacker to execute arbitrary code. For more information please see Adobe Security Bulletin APSB18-03.
Spam emails containing shortened URLs generated by Google’s URL Shortener utility were sent to users. Clicking these URLs downloads a Microsoft Word document which in turn opens the command prompt, presumably using a malicious macro, and injects shellcode to download a DLL file.
This results in whitelisting solutions being bypassed, which, coupled with the use of short URLs, makes the campaign very difficult to detect with signature-based scanning.
Affected Platform:
- Adobe Flash Player – Windows, macOS, Linux and Chrome OS versions prior to 28.0.0.161
Resolution:
Adobe have patched this vulnerability in new versions of Flash Player. Users are encouraged to update at the earliest possible date.
As signature-based detection is not effective at this time, it is advised to employ heuristic-based detection solutions as well.
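One heuristic of the kind advised above is to alert on process lineage rather than file signatures: Word launching a command prompt, and whatever that prompt then starts. The following is an added example, not part of the original advisory; the event records are constructed, the field names follow Sysmon Event ID 1, and the parent and child lists beyond Word and cmd.exe are assumptions that generalize the same check.

```python
import ntpath

# Assumption: the advisory names only Word and the command prompt; the other
# entries generalize the same parent/child heuristic.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed process-creation events in chronological order (not from the
# advisory). Field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"UtcTime": "2018-02-26 09:13:40", "ProcessId": 1880, "ParentProcessId": 1000,
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2018-02-26 09:14:02", "ProcessId": 4120, "ParentProcessId": 1880,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"UtcTime": "2018-02-26 09:14:05", "ProcessId": 4300, "ParentProcessId": 4120,
     "Image": r"C:\Users\Public\constructed-child.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2018-02-26 09:20:11", "ProcessId": 5000, "ParentProcessId": 1000,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2018-02-26 09:21:00", "ProcessId": 5100},  # truncated record
]

def _name(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(path or "").lower()

def flag_office_shell_spawns(events):
    """Return (time, image, reason) for shells started by Office and their descendants."""
    flagged_pids, alerts = set(), []
    for ev in events:
        parent, child = _name(ev.get("ParentImage")), _name(ev.get("Image"))
        if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
            reason = "office-spawned-shell"
        elif ev.get("ParentProcessId") in flagged_pids:
            reason = "descendant-of-office-shell"
        else:
            continue  # benign lineage or incomplete record
        if ev.get("ProcessId") is not None:
            flagged_pids.add(ev["ProcessId"])  # PIDs can be reused; scope to one host and a short window
        alerts.append((ev.get("UtcTime"), child, reason))
    return alerts

if __name__ == "__main__":
    for alert in flag_office_shell_spawns(SAMPLE_EVENTS):
        print(alert)
```

The user-launched command prompt (parent explorer.exe) and the truncated record are not flagged, which keeps the rule from alerting on ordinary shell use.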
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.