Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability

The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security updates for critical vulnerabilities. However, CVE-2018-5002 is the second zero-day vulnerability in Adobe Flash Player this year (the earlier one being CVE-2018-4877). Today, Adobe released a security patch for this vulnerability, along with other critical updates. This vulnerability was independently discovered by ICEBRG, Qihoo 360 and Tencent and impacts Adobe Flash Player 29.0.0171 and earlier versions. According to Adobe, the vulnerability is a stack-based buffer overflow bug that could allow arbitrary code execution.

Impact assessment

An attacker who successfully exploits the vulnerability could take control of an affected system. Exploits in the wild have leveraged Microsoft Office documents containing malicious Flash Player content via targeted email campaigns. At this time, the targeted systems seem to be Windows devices in the Middle East, according to Qihoo 360 Core Security. Adobe has released a security update for Adobe Flash Player on various affected platforms, including Windows, macOS, Linux, and Chrome OS.

Urgently required actions

Adobe Flash Player requires an immediate update to version 30.0.0.113 for all platforms.

Identifying affected systems

Tenable® has been monitoring the situation. We’ve released the following Nessus® plugins to assist our customers in finding and securing their exposure to CVE-2018-5002 as well as the other vulnerabilities patched in this update.

Plugin ID

Description

110397

Adobe Flash Player <= 29.0.0.171 (APSB18-19)

110396

Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)

Get more information

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.