Threat Intelligence Report - Adobe Flash Player vulnerability: CVE-2019-7845

Summary

Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting webpages or even reading email messages.

A new critical vulnerability has been discovered in Adobe Flash Player which could allow for arbitrary code execution. Depending on the privileges associated with this application, an attacker could then install programs, or view, change or delete data.

Conclusions:

While Adobe Flash is slowly being replaced by HTML5, a lot of content still relies upon Adobe Flash. There is therefore still a large install base of Flash Player, and this vulnerability is likely to be relevant to most organisations.

Adobe Flash Player is routinely found to contain serious security vulnerabilities, and after the core operating system it is one of the most important software packages to keep up to date, along with web browsers.

Tactics, Techniques and Procedures

There are two likely methods which will be used to compromise systems using this vulnerability:

  • In a web-based attack: Attackers host a webpage which exploits the vulnerability. The attacker cannot force users to visit their website, but instead creates ways to lure victims into accessing it. This can include:
    • Phishing emails containing a link to an infected web page
    • Compromising a legitimate web page with exploit code
      • Through methods such as Cross Site Scripting on forum type sites
      • Following a compromise of the target website
      • Compromising the supply chain of the website to include exploits in external scripts such as advertising
  • Using a malicious .SWF file: The vulnerability exists due to a ‘Use After Free’ error when processing .SWF files. In this method the remote attacker will create a specially crafted .SWF file and use social engineering to convince an end user to open it. As soon as the file has been opened, it will trigger the use after free error and execute arbitrary code on the target machine with the privileges of the current user.

Vulnerability Impact      | Severity | CVE Number
Arbitrary Code Execution  | Critical | CVE-2019-7845

Table 1 – Vulnerability Details

Vulnerable systems

  • Adobe Flash Player Desktop Runtime, Windows, MacOS and Linux, versions 32.0.0.192 and earlier.
  • Adobe Flash Player for Google Chrome, Windows, MacOS, Linux and Chrome OS, versions 32.0.0.192 and earlier.
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11, Windows 10 and 8.1, versions 32.0.0.192 and earlier.

Advice

Invinsec recommends the following activities:

  • Update Adobe Flash Player Desktop Runtime for Windows, MacOS and Linux to Adobe Flash Player 32.0.0.207
  • Run all software as a non-privileged user to reduce the impact of successful exploitation
  • Provide end user security awareness including the risks associated with phishing emails and how to spot these
  • Consider removing highly vulnerable software such as Adobe Flash from base “gold” images to reduce exposure where they are not needed
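
To help act on the update advice above, the following added example (not part of the original report or any Invinsec tooling) triages a software inventory export against the affected and recommended versions stated in this report. The CSV layout, host names and product strings are constructed assumptions for illustration.

```python
import csv
import io

# Versions taken from the advisory above.
LAST_VULNERABLE = (32, 0, 0, 192)
RECOMMENDED = (32, 0, 0, 207)

# Constructed sample inventory (hypothetical hosts; not real data).
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Flash Player 32 NPAPI,32.0.0.192
ws-002,Adobe Flash Player 32 PPAPI,32.0.0.207
ws-003,Adobe Flash Player 9 ActiveX,9.0.124.0
ws-004,Adobe Flash Player 32 NPAPI,32.0.0.2x
ws-005,Mozilla Firefox,67.0.1
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Compare numerically; a plain string compare would rank 9.x above 32.x."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # malformed value, needs manual review
    if version <= LAST_VULNERABLE:
        return "vulnerable"     # within the affected range in the advisory
    if version < RECOMMENDED:
        return "update"         # not listed as affected, but below 32.0.0.207
    return "ok"


def triage(inventory_csv):
    """Yield (host, version, status) for every Flash Player row."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "flash player" in row["product"].lower():
            yield row["host"], row["version"], classify(row["version"])


if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {version:12} {status}")
```

Hosts reported as "unknown" carry a version string that could not be parsed and should be checked by hand rather than assumed safe.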
