Adobe Flash Player Zero-Day Bug Discovered, Allows Remote Control of Windows
Feb. 4, 2018In the past couple of years,Adobe’s Flash Player has been identified as one of the most vulnerable software out there.Considering its popularity, the software was used for a plethora of services, making them highly vulnerable to hacks as well. It was this reason that companies started to move away from Flash onto other technologies. However, for those of you that still use apps that rely on Adobe’s insecure technology, we have some more bad news for you.
Discovered by South Korea’s CERT, a zero-day vulnerability has been discovered on Adobe’s Flash player, that couldallow Remote Code Execution (RCE) on various platforms.What makes it worse is that the loophole is already being exploited against Windows users, although on a limited scale.
The exploit is carried out by embedding a Flash SWF file in a Microsoft Excel document. Once you open the document, it allows the Flash object to download the ROKRAT payload from malicious websites.The payload is a RAT (Remote Administration Tool) that is used in cloud platforms to procure documents.Once it is downloaded, the attack loads it to the memory and executes it.
As of now,it is still unclear as to how many people have fallen victimto the latest exploit. However, as a security advisory, Adobe has warned that the vulnerability, if exploited fully, can potentially allow an attacker to take control of a system completely. The platforms which stand affected by the new zero-day buginclude Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, Internet Explorer 11 across Windows, Macintosh, Linux, and Chrome OS.
Adobe has announced that it willaddress the vulnerability in a release planned for the week of February 5.Furthermore, it has asked users to monitor the Adobe Product Security Incident Response Team for any updates. It is recommended that system administratorsuse the Protected View for Office, and change Flash Player’s behavior on Internet Explorer on Windows 7 and below, such that it warns a user before playing an SWF file.
This isn’t an interview! Why am I being asked to tell you about myself? :P Well, if you really wanna know, I’m currently trending worldwide on #BeingMirchi. Buy me a beer if you like my work. Cheers!
