Zero-day vulnerability in Adobe Flash Player

Use-after-free
CVE-2018-15982

Exploitation of the vulnerability was spotted by several security companies. The attack was detected on November 29, 2018 and appears to have been carried out by a Ukrainian APT group, UA-APT.

360 Core Security dubbed the attack "Operation Poison Needles".

Vulnerability details

Advisory: SB2018120508 - Multiple vulnerabilities in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2018-15982

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free

Description:

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, and execute arbitrary code on the system with the privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Note: this vulnerability is being exploited in the wild.

Known APT campaigns:

Operation Poison Needles

A targeted attack against the Russian medical institution FSBI “Polyclinic No.2”, affiliated with the Presidential Administration of Russia. The attack was spotted on the evening of November 29, 2018 by several threat intelligence companies.

A Microsoft Word document with an embedded exploit for the zero-day vulnerability was uploaded to VirusTotal from a Ukrainian IP address.
