comscore Adobe Flash Player zero-day bug discovered, potentially allows full control of Windows systems
News

Adobe Flash Player zero-day bug discovered, potentially allows full control of Windows systems

The bug allows hackers to download ROKRAT payload on the system and remotely execute it for complete control.

  • Published: February 3, 2018 2:42 PM IST
adobe-getty-stock-image

Adobe‘s Flash Player is hit with another zero-day vulnerability that could allow Remote Code Execution (RCE) on various platforms. What makes it worse is that the loophole is already being exploited against Windows users, albeit on a limited scale. Also Read - Microsoft decides to end Adobe Flash support for Windows 10 in July 2021

Also Read - Adobe Flash Player bids adieu, uninstall it right now

The vulnerability has been discovered by South Korea’s CERT. Security researchers explain that the exploit is carried out by embedding a Flash SWF file in a Microsoft Excel document. According to Neowin, in the limited number of attacks carried out using this loophole, once you open the document, it allows the Flash object to download the ROKRAT payload from malicious websites. The payload is a RAT (Remote Administration Tool) that is used in cloud platforms to procure documents. Also Read - Adobe to discontinue support for Flash content from 2021

Upon download of ROKRAT, the attack loads it the memory and executes it. It has been found that a group of malicious hackers named ‘Group 123’ is behind ROKRAT. However, it is the first time that the tool utilized a zero-day vulnerability.

Security researchers further revealed that Group 123 has joined other criminal elite with the latest payload of ROKRAT, leveraging Adobe Flash 0 day which was outside of their previous capabilities. The new exploit suggests the group has matured into a highly sophisticated, and skilled one.

In its official support forum, Adobe has acknowledged the issue and said that the vulnerability (CVE-2018-4878), “exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

It is unclear as to how many people have fallen victim to the latest exploit, but as a security advisory, Adobe warns that the vulnerability, if exploited fully, can potentially allow an attacker to take control of a system completely. The platforms which stand affected by the new zero-day bug include Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, Internet Explorer 11 across Windows, Macintosh, Linux, and Chrome OS.

The company announced that it will address the vulnerability in a release planned for the week of February 5. It has further asked users to monitor the Adobe Product Security Incident Response Team for any update. It is recommended that system administrators use the Protected View for Office, and change Flash Player’s behavior on Internet Explorer on Windows 7 and below, such that it warns a user before playing an SWF file.

It is worth mentioning that Adobe is killing Flash in a few years. The company is officially going to stop updating and distributing its Flash Player by the end of 2020. The announcement, made last year, is to allow content creators to migrate their existing Flash content to open formats.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: February 3, 2018 2:42 PM IST



new arrivals in india

Tecno Pova 2
Tecno Pova 2

10,999

Infinix Smart 5A
Infinix Smart 5A

6,499

Micromax In 2b
Micromax In 2b

8,999

Vivo Y72 5G
Vivo Y72 5G

20,990

Tecno Camon 17
Tecno Camon 17

12,999

Tecno Camon 17 Pro
Tecno Camon 17 Pro

16,999

Realme C11 2021
Realme C11 2021

6,999

Oppo Reno6 Pro 5G
Oppo Reno6 Pro 5G

39,990

Oppo Reno6 5G
Oppo Reno6 5G

29,990

Samsung Galaxy M21 2021
Samsung Galaxy M21 2021

12,499

OnePlus Nord 2
OnePlus Nord 2

27,999

Poco F3 GT
Poco F3 GT

27,999

Samsung Galaxy A22 5G
Samsung Galaxy A22 5G

19,999

Xiaomi Redmi Note 10T 5G
Xiaomi Redmi Note 10T 5G

13,999

Samsung Galaxy F22
Samsung Galaxy F22

12,499

Xiaomi Mi 11 Lite
Xiaomi Mi 11 Lite

21,999

Infinix Note 10 Pro
Infinix Note 10 Pro

16,999

Infinix Note 10
Infinix Note 10

10,999

Vivo Y73
Vivo Y73

20,990

OnePlus Nord CE 5G
OnePlus Nord CE 5G

22,999

iQOO Z3
iQOO Z3

19,990

Realme C25s
Realme C25s

9,999

Poco M3 Pro 5G
Poco M3 Pro 5G

13,999

Realme X7 Max 5G
Realme X7 Max 5G

26,999

Oppo F19
Oppo F19

18,990

Motorola Moto G40 Fusion
Motorola Moto G40 Fusion

13,999

POCO M2 Reloaded
POCO M2 Reloaded

9,499

OPPO A74 5G
OPPO A74 5G

17,990

Oppo A53s 5G
Oppo A53s 5G

14,990

Vivo V21 5G
Vivo V21 5G

29,990

Realme C25
Realme C25

9,499

Realme C21
Realme C21

7,999

Realme C20
Realme C20

6,799

Motorola Moto G60
Motorola Moto G60

17,999

iQOO 7
iQOO 7

31,990

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G

21,999

Xiaomi Mi 11 Ultra
Xiaomi Mi 11 Ultra

69,999

Xiaomi Mi 11X Pro 5G
Xiaomi Mi 11X Pro 5G

39,999

Xiaomi Mi 11X
Xiaomi Mi 11X

29,999

Realme 8 5G
Realme 8 5G

13,999

Samsung Galaxy F02s
Samsung Galaxy F02s

8,999

Samsung Galaxy F12
Samsung Galaxy F12

10,999

POCO X3 Pro
POCO X3 Pro

18,999

Realme 8 Pro
Realme 8 Pro

17,999

Realme 8
Realme 8

14,999

Vivo X60 Pro Plus
Vivo X60 Pro Plus

69,990

Vivo X60 Pro
Vivo X60 Pro

49,990

Vivo X60
Vivo X60

37,990

OnePlus 9 Pro 5G
OnePlus 9 Pro 5G

64,999

OnePlus 9R 5G
OnePlus 9R 5G

39,999

OnePlus 9 5G
OnePlus 9 5G

49,999

Samsung Galaxy A72
Samsung Galaxy A72

34,999

Samsung Galaxy A52
Samsung Galaxy A52

26,499

Micromax In 1
Micromax In 1

10,499

Asus ROG Phone 5
Asus ROG Phone 5

49,999

Samsung Galaxy M12
Samsung Galaxy M12

10,999

Motorola Moto G30
Motorola Moto G30

10,999

Motorola Moto G10 Power
Motorola Moto G10 Power

9,999

Oppo F19 Pro Plus 5G
Oppo F19 Pro Plus 5G

25,990

Oppo F19 Pro
Oppo F19 Pro

21,490

Xiaomi Redmi Note 10 Pro Max
Xiaomi Redmi Note 10 Pro Max

18,999

Xiaomi Redmi Note 10 Pro
Xiaomi Redmi Note 10 Pro

15,999

Xiaomi Redmi Note 10
Xiaomi Redmi Note 10

11,999

Realme Narzo 30A
Realme Narzo 30A

8,999

Realme Narzo 30 Pro
Realme Narzo 30 Pro

16,999

Infinix Smart 5
Infinix Smart 5

7,199

Samsung Galaxy F62
Samsung Galaxy F62

23,999

Samsung Galaxy A12
Samsung Galaxy A12

12,999

Nokia 5.4
Nokia 5.4

13,999

Nokia 3.4
Nokia 3.4

11,999

Realme X7 Pro 5G
Realme X7 Pro 5G

29,999

Realme X7
Realme X7

19,999

Vivo Y31
Vivo Y31

16,490

Oppo Reno5 Pro 5G
Oppo Reno5 Pro 5G

35,990

Samsung Galaxy S21 Ultra 5G
Samsung Galaxy S21 Ultra 5G

1,05,999

Samsung Galaxy S21 Plus 5G
Samsung Galaxy S21 Plus 5G

81,999

Samsung Galaxy S21 5G
Samsung Galaxy S21 5G

69,999

Vivo Y12s
Vivo Y12s

9,990

Vivo Y51A
Vivo Y51A

17,990

Samsung Galaxy M02s
Samsung Galaxy M02s

8,999

Xiaomi Mi 10i
Xiaomi Mi 10i

21,999

Oppo A15s
Oppo A15s

11,490

Tecno Spark 6 Go
Tecno Spark 6 Go

8,499

Vivo V20 2021
Vivo V20 2021

24,990

Vivo Y20A
Vivo Y20A

11,490

Xiaomi Redmi 9 Power
Xiaomi Redmi 9 Power

11,999

Motorola Moto G9 Power
Motorola Moto G9 Power

11,999

Motorola Moto G 5G
Motorola Moto G 5G

20,999

Vivo V20 Pro
Vivo V20 Pro

29,990

Xiaomi Mi 10T
Xiaomi Mi 10T

35,999

Xiaomi Redmi 9i
Xiaomi Redmi 9i

8,299

Xiaomi Mi 10T Pro
Xiaomi Mi 10T Pro

39,999

Infinix Hot 10
Infinix Hot 10

9,999

Vivo V20 SE
Vivo V20 SE

20,990

Vivo V20
Vivo V20

24,990

Micromax In 1b
Micromax In 1b

6,999

Best Sellers