Hackers found leveraging new Adobe zero-day vulnerability to hijack Windows PCs

• The attackers were found delivering malicious ActiveX-embedded documents via phishing emails.
• Adobe has released patches addressing the vulnerability.

A new a zero-day vulnerability was recently discovered in Adobe Flash. The flaw is being leveraged by hackers to hijack Windows PCs. The attackers were found delivering malicious ActiveX-embedded documents via phishing emails.

When the victim opens the document, the ActiveX plugin instructs Adobe Flash to execute the code on the victim’s PC. The hackers then exploit the zero-day bug (CVE-2018-15982), which enables the attackers to gain command line access to the targeted system. Once the vulnerability is triggered, another payload was downloaded and run.

The zero-day vulnerability and the attacks leveraging it were discovered by security researchers at Gigamon Applied Threat Research (ATR). Gigamon reported the issue to the Adobe on November 29, 2018.

More about the vulnerability

• CVE-2018-15982 is the vulnerability embedded in the Microsoft Office document.
• The exploit embedded in the document works on both 32-bit and 64-bit systems.
• The document that carried the maliciously crafted Flash object was submitted to VirusTotal from a Ukrainian IP address.

What do the researchers have to say?

Researchers noted that the attack pattern appears to mimic the type of exploits performed by Hacking Team - the notorious Italian mercenary cybergang that is infamous for offering its services to authoritarian governments.

"At best, it could aid the victim’s organization in determining intent and guiding response actions, but in reality, whether it is Hacking Team, an impersonator, or completely unrelated, the fact remains a valid zero-day might have been used to perform targeted exploitation against a victim,” Gigamon researchers added. “Although the death of Flash has been widely reported thanks to industry efforts to deprecate and remove Flash from web browsers, vectors such as Microsoft Office remain able to load and execute Flash content.

How to stay safe?

Users are requested to update their desktop Adobe Flash Player app. Web browsers such as Google Chrome, Internet Explorer, and Edge should also be updated as soon as possible, as these browsers still incorporate and use Adobe Flash Player.

Meanwhile, On December 5, 2018, Adobe released security patches to address both the critical vulnerability in the Adobe Flash player and another vulnerability in the Adobe Flash player installer.