Large increase of Flash Player attacks after exploit was added to exploit kit – patch ASAP!

Posted 10 April 2018 16:51 CET by Jan Willem Aldershoff

Because malware developers have made it easier than ever before to exploit a specific vulnerability in Adobe’s Flash Player (2018-4878), there is a rise in attacks that exploit the leak. Abusing the vulnerability in Flash Player is so easy because a method to exploit the leak has been added to document exploit builder software called ThreatKit.

Now that ThreatKit is equipped with a method to exploit the Flash Player vulnerability, also less tech-savvy cybercriminals can abuse the security issue. With ThreatKit, cybercriminals can fairly easy construct their own malware that exploits Office documents.

In case of the Flash Player vulnerability, it affected Office documents that had a Flash file embedded. When properly exploited it allowed an attacker to execute arbitrary code, which means the system was fully compromised. Simply opening the document was sufficient to become infected. The issue was already patched in February but security researchers report they see an increase of attacks exploiting the vulnerability.

Adobe therefore recommends users to immediately update their Flash Player to 28.0.0161. On the Adobe website you can check what version is currently installed on your system.

 


Related content


Comment on this news item