Adobe has released a priority update to plug a critical security flaw in its popular Flash Player on Windows. As per an official announcement by the company, the latest patch will address issues in Adobe Flash Player 18.104.22.168 and other earlier versions. The vulnerabilities, according to Adobe, are being used by hackers to embed malicious content distributed via email.
Security firm Icebrg on Thursday announced that a zero-day vulnerability in Adobe Flash has been exploited in attacks specifically targeting users in the Middle East. The vulnerability (CVE-2018-5002) allows attackers to carry out actions by executing code on victims' computers. As per the blog post, the exploit uses a Microsoft Office document for the attack. To get around the fact that Adobe Flash is blocked in most browsers, the exploit loads Flash Player from within Microsoft Office. The flaw was reported by Icebrg in collaboration with Qihoo 360 Core Security.
"While this attack leveraged a zero-day exploit, individual attacker actions do not happen in isolation. There are several other behavioural aspects that can be used for detection. Any single observable might be low confidence but multiple observables clustered might be indicative of suspicious or malicious activity," said Icebrg staff in its blog post.
Of course, this is not the first time Flash Player's vulnerabilities have been exploited. Back in October last year, the company issued a security patch to fix a critical leak.
Users are strongly advised to update Adobe Flash to avoid exposing their machines to such vulnerabilities. The update, however, does not guarantee protection against future flaws. It is thus advisable to enable Flash only in a secondary browser that is not the main one used on the computer.