Category Archives: adobe flash

Update now! Microsoft and Adobe’s December 2018 Patch Tuesday is here

If you find patching security flaws strangely satisfying, you’re in luck - Microsoft’s and Adobe’s December Patch Tuesdays have arrived with plenty for the dedicated updater to get stuck into.

A week in security (December 3 – 9)

Last week on Malwarebytes Labs, we gave readers an FYI on multiple breaches that affected Humble Bundle, Quora, and Dunkin’ Donuts, to name a few. This follows the announcement from Marriott about a four-year-long breach that impacted half a billion of its patrons.

We also pushed out the report, “Under the Radar: The Future of Undetected Malware”, wherein we examined current threats and the technologies that are unprepared for them. You can download the report directly here.

Lastly, we discovered a new Mac malware, which combines the capabilities of the Empyre backdoor and the XMRig miner, and reported on a new Adobe Flash zero-day vulnerability that was used against a Russian facility in a targeted attack campaign.

Other cybersecurity news:

Stay safe!

The post A week in security (December 3 – 9) appeared first on Malwarebytes Labs.

December Patch Tuesday forecast: Let it snow, let it snow, let it snow

Grab your shovels, dust off the snow blower, and bundle up. The way patches are accumulating this month is making me think of winter in Minnesota. I’m talking about the kind where the snow flurries start and stop so many times over the course of a few weeks, you suddenly realize there is a lot of snow out there! So the question is, do you shovel in small amounts when there are breaks in the …

The post December Patch Tuesday forecast: Let it snow, let it snow, let it snow appeared first on Help Net Security.

Adobe patches newly exploited Flash zero-day

Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being exploited in the wild.

About the vulnerability (CVE-2018-15982)

CVE-2018-15982 is a use-after-free in Flash’s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim’s computer. It was flagged on November 29 by researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 …

The post Adobe patches newly exploited Flash zero-day appeared first on Help Net Security.

New Flash Player zero-day used against Russian facility

For the past couple of years, Office documents have largely replaced exploit kits as the primary malware delivery vector, giving threat actors the choice between social engineering lures and exploits or a combination of both.

While today’s malicious spam (malspam) heavily relies on macros and popular vulnerabilities (e.g., CVE-2017-11882), attackers can also resort to zero-days when trying to compromise a target of interest.

In separate blog posts, Gigamon and 360 Core Security reveal how a new zero-day (CVE-2018-15982) for the Flash Player (version 31.0.0.153 and earlier) was recently used in targeted attacks. Despite being a brand new vulnerability, Malwarebytes users were already protected against it thanks to our Anti-Exploit technology.

The Flash object is embedded into an Office document disguised as a questionnaire from a Moscow-based clinic.

A dot reveals an embedded (and hidden) ActiveX object

Since Flash usage in web browsers has been declining over the past few years, the preferred scenario is one where a Flash ActiveX control is embedded in an Office file. This is something we saw earlier this year with CVE-2018-4878 against South Korea.

Victims open the booby-trapped document from a WinRAR archive that also contains a bogus JPEG file (shellcode), which is used as part of the exploitation process that eventually loads a backdoor.

Zero-day attack flow stopped by Malwarebytes

As Qihoo 360 security researchers noted, the timing of this zero-day attack is close to a recent real-world incident between Russia and Ukraine. Cyberattacks between the two countries have been going on for years and have affected major infrastructure, such as the power grid.

Malwarebytes users were already protected against this zero-day without the need to update any signatures. We detect the malware payload as Trojan.CrisisHT.APT.

Adobe has patched this vulnerability (security bulletin APSB18-42) and it is highly recommended to apply this patch if you are still using Flash Player. Following the typical exploit-patch cycle, zero-days often become mainstream once other attackers get their hands on the code. For this reason, we can expect to see this exploit integrated into document exploit kits as well as web exploit kits in the near future.

The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as soon as possible. The flaw affects Flash Player 31.0.0.148 and earlier versions on Windows, macOS, Linux and Chrome OS, and details about it are already publicly available, the company warned.

About CVE-2018-15981

CVE-2018-15981 was discovered and publicly disclosed by researcher Gil Dabah last week. “The interpreter code …

The post Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent appeared first on Help Net Security.