Adobe Patches Flash Zero-Day Exploited in Targeted Attacks

[Updated] Security updates released by Adobe on Thursday for Flash Player patch four vulnerabilities, including a critical flaw that has been exploited in targeted attacks.

The vulnerability that has been exploited in the wild is tracked as CVE-2018-5002, and it has been described by Adobe as a stack-based buffer overflow that can be leveraged for arbitrary code execution.

The security hole was independently reported to Adobe by researchers at ICEBRG, Qihoo 360 and Tencent.

The researchers have yet to share any details, but Adobe did mention that CVE-2018-5002 has been exploited in limited, targeted attacks against Windows users. Hackers deliver the exploit via malicious Office documents that include specially crafted Flash content. The documents are distributed via email.

The latest version of Flash Player also patches a critical type confusion vulnerability that can lead to code execution (CVE-2018-4945), an “important” severity integer overflow that can result in information disclosure (CVE-2018-5000), and an “important” out-of-bounds read issue that can also lead to information disclosure (CVE-2018-5001).

CVE-2018-5000 and CVE-2018-5001 were reported anonymously through Trend Micro’s Zero Day Initiative (ZDI), while CVE-2018-4945 was reported to Adobe by researchers at Tencent.

Despite Adobe’s plans to kill Flash Player by 2020, threat actors apparently still find zero-day vulnerabilities highly useful.

This is the second zero-day discovered in 2018. The first was patched in February after North Korean hackers exploited it for several months in attacks aimed at South Korea.

UPDATE. According to the Advanced Threat Response Team at 360 Core Security, which discovered the Flash exploit on June 1, attacks involving CVE-2018-5002 appear to be mainly aimed at entities in the Middle East.

The exploit has been delivered using a specially crafted Excel spreadsheet named “salary.xlsx,” which includes salary information written in Arabic. A malicious SWF file that contains the zero-day exploit is downloaded from a remote server once the spreadsheet is opened. Researchers say the goal is to download a Trojan, but they have not provided any information on the malware.

Data collected from the command and control (C&C) server suggests that hackers have been making preparations for the attack since February. The C&C domain is designed to mimic a job search website in the Middle East and its name suggests that the target is located in Doha, Qatar.

360 Core Security has published technical details on CVE-2018-5002, which makes it easier for other threat groups to start exploiting the flaw.

UPDATE 2. ICEBRG’s Security Research Team (SRT) has also published a blog post detailing the attack and the Flash Player vulnerability.

Related: Adobe Patches Flash Zero-Day Exploited by North Korean Hackers

Related: Middle East Group Uses Flash Zero-Day to Deliver Spyware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
