On December 5th, Adobe released two security patches outside of the regular patching schedule to address an arbitrary code execution vulnerability (CVE-2018-15982) and a privilege escalation vulnerability (CVE-2018-15983). Windows, MacOS, Chrome OS and Linux users are affected. Exploitation of CVE-2018-15982 prior to patch release has been publicly reported and was achieved through phishing emails.
Technical details of the exploitation have not yet been released but patching for this vulnerability should be a high priority due to the associated risks of arbitrary code execution and the known successful exploitation.
What we’re doing about it
-
The eSentire Threat Intelligence Team is monitoring this issue for additional details and detection methods
-
Current esRECON checks identify Adobe related vulnerabilities and will be updated to assist in identifying this specific vulnerability
-
esENDPOINT rules are being updated for this specific threat
What you should do about it
-
After performing a business impact review, apply the Adobe security patches [1]
-
Conduct user awareness training around phishing and opening documents from unknown or suspicious sources
Additional information
Initial reporting states that CVE-2018-15982 was exploited in a phishing campaign delivering the exploit in Microsoft Office documents labeled “22.docx” [2]. Arbitrary code execution allows the unidentified Threat Actor(s) to gain command line access to affected devices. The goal of this phishing campaign remains unclear.
There are no reports of CVE-2018-15983 being exploited in the wild at this time. This vulnerability still requires fast action as it could be coupled into existing attacks, allowing the threat actor to raise their privileges on the system and perform actions at the administrative level.
Affected Adobe products:
- Adobe Flash Player Desktop Runtime
- Adobe Flash Player for Google Chrome
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11
- Adobe Flash Player Installer
References:
[1] Adobe Security Bulletin: Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
[2] Threat Post: Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
https://threatpost.com/adobe-flash-zero-day-leveraged-via-office-docs-in-campaign/139635/
