A critical use-after-free vulnerability, tracked as CVE-2018-4878, has been found in Adobe Flash Player 22.214.171.124 and earlier versions.
In a security advisory published on Thursday, Adobe said that an attacker who exploits this vulnerability could gain access to the affected system, and that it is aware of exploitation already taking place. The first public warning came from an advisory issued by South Korea’s CERT, which reported that attack code for the vulnerability was circulating in the wild.
According to researchers from Cisco Systems’ Talos, the attacks are delivered through a Microsoft Excel document, distributed via email, that embeds a malicious Flash object. When the SWF object is triggered, it installs ROKRAT, a remote administration tool.
Adobe said the current attacks target a limited number of Windows users, but the flaw also affects macOS, ChromeOS and Linux systems running version 126.96.36.199 and earlier.
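Because the delivery vehicle described above is an Excel workbook carrying a Flash object, a useful defender-side check is to look inside the OOXML package for parts that reference the Shockwave Flash ActiveX control or contain SWF bytes. The following Python script is an added example written for this article, not code from Adobe, Talos or the original page; the Flash control CLSID and the SWF magic bytes (FWS, CWS, ZWS) are well-known public values, and the sample workbooks it scans are constructed in memory for demonstration.

```python
import io
import struct
import zipfile

# Well-known CLSID of the "Shockwave Flash Object" ActiveX control (lower-case for matching).
FLASH_CLSID = "d27cdb6e-ae6d-11cf-96b8-444553540000"
# First three bytes of an SWF file: uncompressed, zlib-compressed and LZMA-compressed variants.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")


def looks_like_swf_header(blob: bytes, offset: int) -> bool:
    """Check for a plausible SWF header at `offset`: a magic, a sane version byte and a
    little-endian uncompressed length that is at least the size of the header itself."""
    if blob[offset:offset + 3] not in SWF_MAGICS or len(blob) < offset + 8:
        return False
    version = blob[offset + 3]
    (length,) = struct.unpack_from("<I", blob, offset + 4)
    return 1 <= version <= 60 and length >= 8


def first_swf_offset(blob: bytes) -> int:
    """Return the offset of the first plausible SWF header inside `blob`, or -1 if none.
    The header is usually preceded by OLE/ActiveX wrapper bytes, so we scan rather than
    only looking at offset 0."""
    best = -1
    for magic in SWF_MAGICS:
        offset = blob.find(magic)
        while offset != -1:
            if looks_like_swf_header(blob, offset):
                if best == -1 or offset < best:
                    best = offset
                break
            offset = blob.find(magic, offset + 1)
    return best


def find_flash_objects(workbook: bytes) -> list:
    """Return (zip member, reason) pairs for every part of an OOXML workbook that either
    references the Flash ActiveX control or carries SWF bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(workbook)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            content = zf.read(name)
            if lower.startswith("xl/activex/") and lower.endswith(".xml"):
                # ActiveX control definitions name the control by CLSID.
                if FLASH_CLSID in content.decode("utf-8", "replace").lower():
                    findings.append((name, "ActiveX control references the Flash CLSID"))
            elif lower.startswith(("xl/activex/", "xl/embeddings/", "xl/media/")):
                # Binary parts: embedded OLE objects, ActiveX state and media files.
                offset = first_swf_offset(content)
                if offset != -1:
                    findings.append((name, f"SWF header at offset {offset}"))
    return findings


def build_sample_workbook(with_flash: bool) -> bytes:
    """Construct a minimal .xlsx-shaped zip for demonstration (a constructed sample, not a
    real attack document). With `with_flash`, it includes an ActiveX part naming the Flash
    CLSID and a binary part whose OLE-style preamble is followed by a CWS header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        if with_flash:
            zf.writestr("xl/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>')
            # SWF header: "CWS", version 8, declared uncompressed length 4096, then filler.
            swf = b"CWS" + bytes([8]) + struct.pack("<I", 4096) + b"\x78\x9c" + b"\x00" * 16
            zf.writestr("xl/activeX/activeX1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 60 + swf)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("with Flash object", True)):
        print(label, find_flash_objects(build_sample_workbook(flag)))
```

Run it as a script to see the clean workbook produce no findings and the constructed one flag both the ActiveX definition and its binary part; in practice you would call `find_flash_objects` on the bytes of attachments pulled from a mail gateway or quarantine. The header-plausibility check exists because the three-letter magics occur by chance in arbitrary binary data, so a bare substring match would be noisy.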
The affected products include Adobe Flash Player Desktop Runtime (Windows, Macintosh), Adobe Flash Player for Google Chrome (Windows, Macintosh, Linux and Chrome OS), Adobe Flash Player for Edge and IE 11 (Windows 10, 8.1) and Adobe Flash Player Runtime (Linux).
As a mitigation, Adobe advised users to enable Protected View for Office, which opens potentially dangerous files in read-only mode only.
Flash is mostly used for watching videos, but since most websites now play video with built-in HTML5, you can uninstall Flash Player unless you need it. A security patch addressing the vulnerability is due to be released on February 5 this week, so you can reinstall it once the update is available.
To find out which version of Flash Player is installed on your system, visit the About Flash Player page, right-click the content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you run multiple browsers, repeat these steps in each browser installed on your system.