There was an attack on a recent zero-day vulnerability Adobe patched last week.
The CVE-2916-4117 flaw affected the previous latest version of Adobe Flash and copped a rushed patch after FireEye reported the cyber attacks.
The senior security engineer from Singapore – Genwei Jiang, has revealed the details of the previously undisclosed phishing attacks he reported, and said it is being actively deployed.
The affected users should run Windows, Flash, and Microsoft Office, and fall for some form of phishing link or file.
“Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their web server, and used a Dynamic DNS domain to reference the document and payload,” Jiang stated.
“With this configuration, the attackers could disseminate their exploit via URL or email attachment.”
“Although this vulnerability resides within Adobe Flash Player, threat actors designed this particular attack for a target running Windows and Microsoft Office.”
The above-mentioned attack is typical of many campaigns, running a shellcode to create a command and control link, runs the malware, and throws a decoy document to leave victims unaware of the infection.
Considering the fact that the patch was released only four days ago, it is certain that the vulnerability continues to be very valuable.
According to Genwei Jiang, users committed to Flash must patch their systems and should consider Microsoft’s lauded enhanced mitigation toolkit defensive toolkit.
The latter point is most critical on systems older than Windows 10 which lack enhanced mitigation toolkit’s features, largely baked-in to the modern operating machines.