Adobe Flash Player: first vulnerability attacks detected CVE-2018-4878

For the next two years, Adobe Flash Player will be spoiled by the already unproductive source of online resources, which is used every day by billions of people around the world. If by some miracle you are still using the Adobe Flash Player application, we recommend an urgent update because the first attacks were detected using the vulnerability exploit CVE-2018-4878.

Adobe announced that the multimedia platform will be killed in 2020. Then, officially Flash will stop being supported. It is not a loss. A freaky cock with vulnerabilities on Adobe Flash Player will make the Internet safer.

CVE-2018-4877 and CVE-2018-4878 for Adobe Flash Player

Vulnerabilities CVE-2018-4877 and CVE-2018-4878 apply to all versions of the Flash Player software up to and including the number 28.0.0.161. This applies to Windows, Linux, Google OS and macOS, but also Flash Player for browsers. On the blog of the producer of Adobe Security Bulletin we read that the vulnerability allows the execution of code in the context of the logged in user. Attacks that have been detected so far, use macros in Office documents with built-in Flash content. Malicious documents are distributed in spam campaigns.

Adobe Flash Player CVE

We are dealing here with macroviruses, so protection against these threats is not difficult and should be reduced to the most effective ways:

  • First, you should carefully analyze the received message. Is it still possible to take on e-mail scams? You can and unfortunately still many people.
  • We recommend using antivirus software. The analysis of samples on VirusTotal for anti-viruses does not depend on suggesting that the versions of antivirus engines used are not necessarily the same as those that protect our computers after installation.
  • We recommend reviewing advanced security product settings and enabling e-mail protection, protection against exploits, and protection against macro viruses (detection of malicious Office documents). Any anti-virus software that supports protection against malicious documents may have such a function under a different name.
  • In office suites of Microsoft Office, Libre Office, WPS Office, Open Office or others, macros should be permanently disabled. If you do not know what they are used for, or you do not use them, it is worth doing not only on your computer, but also on devices of less technical household members.
  • In a situation where a malicious file is launched, you can (until it is too late) turn off the computer and scan hard drives with a rescue disc or a specialized scanner. Use the Avast Rescue Disk, Bitdefender Rescue Disk, G Data BootMedium, Heise Disinfect or Kaspersky Virus Removal Tool, but be familiar with this test beforehand .
  • For more advanced users, we recommend moving mail from Wirtualna Polska, Interia, O2 and the like to the provider, which guarantees much better protection against spam, e.g. Gmail, Outlook, Zoho Mail.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.