Exploitation of the vulnerability was spotted by several security companies. The attack was detected on November 29, 2018 and appears to have been carried out by a Ukrainian APT group, UA-APT.
360 Core Security dubbed the attack "Operation Poison Needles".
Vulnerable component: Adobe Flash Player
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-416 - Use After Free
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the system with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability is being exploited in the wild.
Known APT campaigns:
Operation Poison Needles
A targeted attack against the Russian medical institution FSBI "Polyclinic No.2", affiliated with the Presidential Administration of Russia. The attack was spotted on the evening of November 29, 2018 by several threat intelligence companies.
A Microsoft Word document with an embedded exploit for the zero-day vulnerability was uploaded to VirusTotal from a Ukrainian IP address.
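A triage check for the delivery vector described above (a Word document carrying an embedded Flash object), as an added example that is not part of the original advisory: it scans an OOXML document for ActiveX parts that declare the Flash control. The CLSID is the well-known Shockwave Flash ActiveX identifier rather than a value from this page, and the sample documents are constructed in memory for illustration.

```python
import io
import re
import zipfile

# Well-known CLSID of the Shockwave Flash ActiveX control (not taken from the page).
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
CLASSID_RE = re.compile(rb'classid\s*=\s*"\{?([0-9A-Fa-f-]{36})\}?"')


def find_flash_activex(doc_bytes):
    """Return the OOXML parts that declare the Flash ActiveX control."""
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        return []  # legacy .doc/.rtf containers need a different parser
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for name in zf.namelist():
            lowered = name.lower()
            # ActiveX control definitions live in <app>/activeX/activeXN.xml
            if "/activex/" not in lowered or not lowered.endswith(".xml"):
                continue
            for match in CLASSID_RE.finditer(zf.read(name)):
                # CLSIDs are case-insensitive, so normalise before comparing
                if match.group(1).decode().upper() == FLASH_CLSID:
                    hits.append(name)
    return hits


def build_sample(classid):
    """Constructed sample: a minimal zip mimicking the relevant .docx parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(
            "word/activeX/activeX1.xml",
            '<ax:ocx ax:classid="{%s}" ax:persistence="persistStorage"/>' % classid,
        )
        zf.writestr("word/activeX/activeX1.bin", b"\x00" * 16)  # placeholder data
    return buf.getvalue()


if __name__ == "__main__":
    flagged = build_sample("D27CDB6E-AE6D-11cf-96B8-444553540000")
    other = build_sample("00000000-0000-0000-0000-000000000001")  # constructed CLSID
    print(find_flash_activex(flagged))
    print(find_flash_activex(other))
```

A hit means the document instantiates Flash through ActiveX and deserves closer inspection; it does not by itself prove the embedded object is malicious.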
Latest references in media:
- This malware spreading tool is back with some new tricks | ZDNet [2019-01-18 16:30:08]
- Adobe fixes vulnerabilities in Connect and Digital Editions, Flash left in the cold | ZDNet [2019-01-09 13:10:09]
- Adobe Patches Important Bugs in Connect and Digital Edition [2019-01-08 15:50:10]
- Adobe Fixes Two Critical Acrobat and Reader Flaws [2019-01-04 13:40:10]
- ShadowTalk Update – 17.10.2018 [2018-12-17 17:12:03]
- Having a Bit of Fun with CVE-2018-15982 [2018-12-13 23:21:53]
- Update now! Microsoft and Adobe’s December 2018 Patch Tuesday is here [2018-12-13 14:00:17]
- 87 vulnerabilities Fixed With Adobe December Security Update [2018-12-13 08:31:07]
- 126 vulnerabilities patched in Microsoft and Adobe this December 2018 [2018-12-13 01:41:18]
- Microsoft issues Patch Tuesday fixes for 39 vulnerabilities [2018-12-12 15:20:06]
- December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild [2018-12-12 14:11:32]
- Microsoft patches 'dangerous' zero-day already being exploited by hacking groups | TheINQUIRER [2018-12-12 13:10:11]
- Microsoft and Adobe Patch 100+ Bugs in December [2018-12-12 11:20:07]
- The December 2018 Security Update Review [2018-12-11 19:31:26]
- Adobe December 2018 Security Update Fixes Reader, Acrobat [2018-12-11 18:50:10]
- Zero-Day Flash Player Vulnerability Fixed After Being Exploited In the Wild [2018-12-10 11:51:05]
- Week in review: CAPTCHA-breaking AI, Australian anti-encryption bill, new issue of (IN)SECURE [2018-12-09 20:11:24]
- Reading Lists, Women in Music, Google Chrome, More: Friday ResearchBuzz, December 7, 2018 [2018-12-07 17:01:32]
- Flash zero-day exploit spotted – patch now! [2018-12-07 13:10:30]
- Adobe Flash Zero-Day Spreads via Office Docs [2018-12-07 11:50:11]
- Links 7/12/2018: GNU Guix, GuixSD 0.16.0, GCC 7.4, PHP 7.3.0 Released [2018-12-07 10:21:29]
- December Patch Tuesday forecast: Let it snow, let it snow, let it snow [2018-12-07 08:01:12]
- Unpatched Vulnerabilities Enable Adobe Flash Zero-Day [2018-12-06 18:40:10]
- Ukraine’s SBU: Russia carried out a cyberattack on Judiciary Systems [2018-12-06 13:20:13]
- Adobe releases Flash patch for zero-day exploit [2018-12-06 11:11:27]
- Hackers Exploiting Adobe Flash 0day via a Microsoft Office Document [2018-12-06 10:01:12]
- Adobe patches newly exploited Flash zero-day [2018-12-06 08:21:19]
- Report: Adobe zero-day exploit similar to HackingTeam tool [2018-12-05 22:50:57]
- CVE-2018-15982 Adobe zero-day exploited in targeted attacks [2018-12-05 22:00:13]
- Flash zero-day... leveraging ActiveX…embedded in Office Doc...BINGO! [2018-12-05 20:40:02]
- Russian Hospital Targeted With Flash Zero-Day After Kerch Incident [2018-12-05 18:30:12]
- Adobe Fixes Zero-Day Flash Player Vulnerability Used in APT Attack on Russia [2018-12-05 17:20:27]
- Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign [2018-12-05 17:10:12]
- Adobe releases out-of-band security update for newly discovered Flash zero-day | ZDNet [2018-12-05 17:00:12]
- Adobe Patches Zero-Day Vulnerability in Flash Player [2018-12-05 16:20:13]