If you’re still using Adobe Flash Player, this is for you. But first, don’t use it. Remove the plugins from your browsers, and don’t fall for prompts telling you to update the Flash Player app on your Android device, because that is truly a scam. A good reason for doing this is yet another zero-day vulnerability (CVE-2018-15982) that was just patched this week. It was being exploited using a Microsoft Office document.
If you still use Adobe Flash for something, make sure to update it as soon as the patches are released. Yes, it seems like there are a lot of them. That’s because there are. According to Jim Stickley at Stickley on Security, a vulnerability is found just about every single month in the product. There are so many issues with it that it’s difficult to keep track. And Adobe is ending the life of it sooner rather than later: in 2020, to be precise. That means that after that point, even when a vulnerability is found, they won’t be fixing it, leaving those who still use it at risk.
If you don’t need Adobe Flash, and few of us do these days, go into your browser settings (all of the browsers you have installed) and disable it. If you find you never need it, just delete it. Most websites have started using other technologies that are not as flawed.
In this latest exploit, the document is called 22.docx, according to researchers with Gigamon Applied Threat Research. If you see a document with that name show up in your inbox, don’t click on it. It was supposedly submitted from a Ukrainian IP address and pretends to be an employment application. It’s quite lengthy too, coming in at seven pages of personal questions that one would typically find on such a document. These scammers sure went to a lot of trouble with this one.
What the vulnerability actually does is let a malicious Flash object execute code on the infected machine. And of course this document spreads via phishing, spearphishing to be precise. Attackers get the information for spearphishing in various ways, but one is via posts on social media. Use caution when putting anything at all on the Internet. While you can certainly secure these accounts and limit your posts, once someone else shares or forwards something you post, it is completely out of your control. Therefore, to be safe, just consider anything you put online as up for grabs for anyone with an internet connection.
Another way they acquire information is from data breaches. When data is accessed this way, it usually ends up on the Dark Web and can be purchased by someone who wants to commit spearphishing attacks. If they know you have a particular product, they can use it in an email to give it more authenticity. The more they know about you, the more they can make these messages appear as if they are truly tailored to you.
If you’re not expecting a link or attachment, just don’t click on it. If you aren’t sure, contact the sender by phone, by text, or by taking a walk to his or her desk, and ask first.
Affected products are Adobe Desktop Runtime, Adobe Flash Player for Chrome, Edge, and Internet Explorer 11 for versions 31.0.0.153 and earlier. To get the patch, go to Adobe’s website directly. They have a tool that will let you know if you need to update your product.
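
For anyone filtering mail or file shares, here is an added example (not code from Adobe, Gigamon or the original article) of one way to flag Office documents that embed a Flash object before anyone opens them. It assumes the object is embedded as the Shockwave Flash ActiveX control; the function names and both sample documents are constructed for illustration.

```python
import io
import re
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control, the COM class Office loads
# when a document embeds a Flash object.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
CLSID_TEXT = re.compile(str(FLASH_CLSID).encode(), re.IGNORECASE)
CLSID_BINARY = FLASH_CLSID.bytes_le  # GUID byte layout used inside OLE streams
SWF_MAGIC = re.compile(rb"[FCZ]WS[\x01-\x30]")  # plain, zlib and LZMA SWF headers

def find_flash_parts(docx_bytes):
    """Return {part name: [reasons]} for parts of an OOXML file that reference Flash."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for info in archive.infolist():
            data = archive.read(info)
            reasons = []
            if CLSID_TEXT.search(data):
                reasons.append("flash-clsid-text")
            if CLSID_BINARY in data:
                reasons.append("flash-clsid-binary")
            if info.filename.lower().endswith(".bin") and SWF_MAGIC.search(data):
                reasons.append("swf-header")
            if reasons:
                hits[info.filename] = reasons
    return hits

def build_sample(parts):
    # Constructed-sample helper: pack {part name: bytes} into an in-memory zip.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in parts.items():
            archive.writestr(name, data)
    return buf.getvalue()

# Constructed inputs (no real exploit content): one clean document, and one that
# declares a Flash ActiveX control the way OOXML does under word/activeX/.
CLEAN = build_sample({"word/document.xml": b"<w:document>job application</w:document>"})
WITH_FLASH = build_sample({
    "word/document.xml": b"<w:document><w:control r:id='rId1'/></w:document>",
    "word/activeX/activeX1.xml": b'<ax:ocx ax:classid="{d27cdb6e-ae6d-11cf-96b8-444553540000}"/>',
    "word/activeX/activeX1.bin": b"\x00" * 8 + FLASH_CLSID.bytes_le + b"CWS\x20",
})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("with_flash", WITH_FLASH)):
        print(label, find_flash_parts(sample))
```

A hit is a reason to quarantine and inspect the file, not proof of exploitation.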