comscore Adobe Flash Player zero-day bug discovered, potentially allows full control of Windows systems
News

Adobe Flash Player zero-day bug discovered, potentially allows full control of Windows systems

The bug allows hackers to download ROKRAT payload on the system and remotely execute it for complete control.

  • Published: February 3, 2018 2:42 PM IST
adobe-getty-stock-image

Adobe‘s Flash Player is hit with another zero-day vulnerability that could allow Remote Code Execution (RCE) on various platforms. What makes it worse is that the loophole is already being exploited against Windows users, albeit on a limited scale. Also Read - Adobe introduces Liquid mode for PDFs: All you need to know

Also Read - Adobe hires former Google Pixel engineer Marc Levoy to build a universal camera app

The vulnerability has been discovered by South Korea’s CERT. Security researchers explain that the exploit is carried out by embedding a Flash SWF file in a Microsoft Excel document. According to Neowin, in the limited number of attacks carried out using this loophole, once you open the document, it allows the Flash object to download the ROKRAT payload from malicious websites. The payload is a RAT (Remote Administration Tool) that is used in cloud platforms to procure documents. Also Read - Adobe Creative Cloud apps including Photoshop, Lightroom, Premier and Rush get major updates

Upon download of ROKRAT, the attack loads it the memory and executes it. It has been found that a group of malicious hackers named ‘Group 123’ is behind ROKRAT. However, it is the first time that the tool utilized a zero-day vulnerability.

Security researchers further revealed that Group 123 has joined other criminal elite with the latest payload of ROKRAT, leveraging Adobe Flash 0 day which was outside of their previous capabilities. The new exploit suggests the group has matured into a highly sophisticated, and skilled one.

In its official support forum, Adobe has acknowledged the issue and said that the vulnerability (CVE-2018-4878), “exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

It is unclear as to how many people have fallen victim to the latest exploit, but as a security advisory, Adobe warns that the vulnerability, if exploited fully, can potentially allow an attacker to take control of a system completely. The platforms which stand affected by the new zero-day bug include Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, Internet Explorer 11 across Windows, Macintosh, Linux, and Chrome OS.

The company announced that it will address the vulnerability in a release planned for the week of February 5. It has further asked users to monitor the Adobe Product Security Incident Response Team for any update. It is recommended that system administrators use the Protected View for Office, and change Flash Player’s behavior on Internet Explorer on Windows 7 and below, such that it warns a user before playing an SWF file.

It is worth mentioning that Adobe is killing Flash in a few years. The company is officially going to stop updating and distributing its Flash Player by the end of 2020. The announcement, made last year, is to allow content creators to migrate their existing Flash content to open formats.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: February 3, 2018 2:42 PM IST



new arrivals in india

Poco X3
Poco X3

16,999

Realme Narzo 20A
Realme Narzo 20A

8,499

Realme Narzo 20
Realme Narzo 20

10,499

Realme Narzo 20 Pro
Realme Narzo 20 Pro

14,999

Oppo F17
Oppo F17

17,990

Samsung Galaxy M51
Samsung Galaxy M51

24,999

Poco M2
Poco M2

10,999

Oppo F17 Pro
Oppo F17 Pro

22,990

Realme 7 Pro
Realme 7 Pro

19,999

Realme 7
Realme 7

14,999

Xiaomi Redmi 9A
Xiaomi Redmi 9A

6,799

Vivo Y20
Vivo Y20

12,990

Xiaomi Redmi 9
Xiaomi Redmi 9

8,999

Nokia 5.3
Nokia 5.3

13,999

Motorola Moto G9
Motorola Moto G9

11,499

Realme C15
Realme C15

9,999

Realme C12
Realme C12

8,999

Samsung Galaxy Note 20
Samsung Galaxy Note 20

77,999

Xiaomi Redmi 9 Prime
Xiaomi Redmi 9 Prime

9,999

Oppo Reno4 Pro
Oppo Reno4 Pro

34,990

Samsung Galaxy M01 Core
Samsung Galaxy M01 Core

5,499

Realme 6i
Realme 6i

12,999

Asus Rog Phone 3
Asus Rog Phone 3

49,999

OnePlus Nord
OnePlus Nord

24,999

Infinix Smart 4 Plus
Infinix Smart 4 Plus

7,999

Xiaomi Redmi Note 9
Xiaomi Redmi Note 9

11,999

Samsung Galaxy M01s
Samsung Galaxy M01s

9,999

Vivo X50 Pro 5G
Vivo X50 Pro 5G

49,990

Vivo X50 5G
Vivo X50 5G

34,990

Realme C11
Realme C11

7,499

Poco M2 Pro
Poco M2 Pro

13,999

Realme X3
Realme X3

24,999

Realme X3 SuperZoom
Realme X3 SuperZoom

27,999

Tecno Spark Power 2
Tecno Spark Power 2

9,999

Oppo A12
Oppo A12

9,990

Oppo A52
Oppo A52

16,990

Samsung Galaxy A21s
Samsung Galaxy A21s

15,999

Oppo Find X2
Oppo Find X2

64,990

Motorola One Fusion Plus
Motorola One Fusion Plus

17,499

Samsung Galaxy A31
Samsung Galaxy A31

20,999

Samsung Galaxy M01
Samsung Galaxy M01

8,999

Samsung Galaxy M11
Samsung Galaxy M11

10,999

Infinix Hot 9 Pro
Infinix Hot 9 Pro

9,999

LG Velvet
LG Velvet

Price Not Available

Xiaomi Mi Note 10 Lite
Xiaomi Mi Note 10 Lite

Price Not Available

Apple iPhone SE 2020
Apple iPhone SE 2020

42,500

Honor 30 Pro
Honor 30 Pro

Price Not Available

Honor 30
Honor 30

Price Not Available

OnePlus 8
OnePlus 8

44,999

OnePlus 8 Pro
OnePlus 8 Pro

54,999

Xiaomi Redmi Note 9 Pro
Xiaomi Redmi Note 9 Pro

13,999

Motorola Moto E4
Motorola Moto E4

8,999

Samsung Galaxy On Max
Samsung Galaxy On Max

9,775

nubia N2
nubia N2

15,999

Karbonn K9 Kavach 4G
Karbonn K9 Kavach 4G

5,290

Motorola Moto C Plus
Motorola Moto C Plus

6,999

Best Sellers