A malicious spam campaign is targeting an Adobe Flash vulnerability. CVE-2018-4878 is a use-after-free vulnerability in the Adobe Primetime software development kit (SDK) that, if exploited, may allow a remote, unauthenticated attacker to execute arbitrary code. For more information please see Adobe Security Bulletin APSB18-03.
Spam emails containing shortened URL’s generated by Google’s URL Shortener utility were sent to users. Clicking these URLs downloads a Microsoft Word document which in turn opens the command prompt, presumably using a malicious macro, and injects shellcode to download a DLL file.
This results in whitelisting solutions being bypassed which, coupled with the use of short URLs makes it very difficult to detect with signature-based scanning.
- Adobe Flash Player – Windows, macOS, Linux and Chrome OS versions prior to 188.8.131.52
Adobe have patched this vulnerability in new versions of Flash Player. Users are encouraged to update at the earliest possible date.
As signature-based detection is not effective at this time, it is advised to employ heuristic-based detection solutions as well.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.