CATEGORY: Informative Updates
Found to be exploited in two APT attacks earlier in December, a critical zero-day vulnerability in Adobe Flash Player (CVE-2018-15982) is still being used by attackers. The vulnerability is used to drop a payload embedded in Microsoft Word documents, to avoid anti-virus detection. The Word document with the zero-day Flash vulnerability payload compressed into a ZIP ﬁle with a JPG picture is sent to the victim. Once the word document is opened, the vulnerability is extracted and a shellcode from the JPG picture is executed.
The shellcode lets the attackers gain access to the compromised machine. The vulnerability payload has a similar digital signature as an intrusion tool which was written by Hacking Team, discovered in August 2018.
The vulnerability payload is packed with VMProtect to block eﬀorts at reverse engineering and analysis.
Indicators of Compromise
The vendor has already released patches for vulnerable versions, as recommended in the previous advisory.