
Adobe Vulnerability Advisory for IT Companies

Users of tech support services in Ottawa should know of vulnerabilities in Adobe products that can give attackers the opportunity to establish a presence on their networks. In advisories released throughout February, Adobe identifies the affected products as Acrobat, Flash and Reader. Adobe has released patches for all affected products and is urging customers to update immediately, as 17 out of 41 of the vulnerabilities are considered critical and some have been seen actively exploited in the wild. Below is a brief explanation of a couple of the more critical vulnerabilities.

CVE-2018-4878: CVE-2018-4878 is a Flash zero-day vulnerability that was discovered in attachments to malicious emails believed to originate from North Korea. Cisco researchers have named the group responsible as Group 123, and their targets seem to be largely South Korean governmental and military organizations, which hints that the actors are state-sponsored. The exploit is carried in an Excel file with an embedded SWF file which, when opened, allows an attacker to remotely execute code on the target system. In attacks performed in South Korea, the vulnerability was used to download malware known as DOGCALL. Although it is a targeted attack against South Korean organizations, it is not improbable for someone to use the code against other organizations in another attack, so users of managed services in Ottawa are urged to update immediately, as this is a very serious vulnerability being actively exploited in the wild.

CVE-2018-4901: CVE-2018-4901 is a remote code execution vulnerability found in Adobe Acrobat Reader DC for both Windows and Mac platforms. It affects version 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, and 2015.006.30394 and earlier versions. The vulnerability allows attackers to hide JavaScript code in a PDF that can cause buffer overflows when the document is opened, which means it can be used to corrupt sensitive data or execute arbitrary code. Although there is no sighting of exploitation in the wild, users of computer services in Ottawa would be wise to update their Acrobat Reader DC as soon as possible.
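To check an inventory against the three version ceilings listed above, the following is an added example, not code from Adobe or from the original page. It assumes that build numbers of 30000 and above mark a Classic release line for that year while lower build numbers are the Continuous line, and that two-digit product versions such as 18.9.20050 correspond to 2018.009.20050; the host names and the function names are made up for illustration.

```python
import re

# Highest affected version per release line, taken from the advisory text above.
AFFECTED_CEILINGS = {
    "continuous": (2018, 9, 20050),
    "classic-2017": (2017, 11, 30070),
    "classic-2015": (2015, 6, 30394),
}

def parse_version(text):
    """Turn '2018.009.20050' or '18.9.20050' into (2018, 9, 20050)."""
    m = re.fullmatch(r"\s*(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})\s*", text)
    if not m:
        raise ValueError(f"unrecognised Acrobat/Reader version: {text!r}")
    year, minor, build = (int(p) for p in m.groups())
    if year < 100:  # assumption: two-digit product version, 18.x means 2018.x
        year += 2000
    return (year, minor, build)

def release_line(version):
    """Assumption: builds 30000+ belong to that year's Classic line."""
    year, _, build = version
    return f"classic-{year}" if build >= 30000 else "continuous"

def classify(text):
    """Return 'affected', 'newer' or 'unknown' for one version string."""
    version = parse_version(text)
    ceiling = AFFECTED_CEILINGS.get(release_line(version))
    if ceiling is None:
        return "unknown"  # a release line the advisory does not list
    return "affected" if version <= ceiling else "newer"

def triage(inventory):
    """Map host -> status; malformed strings are flagged, never dropped."""
    report = {}
    for host, text in inventory.items():
        try:
            report[host] = classify(text)
        except ValueError:
            report[host] = "invalid"
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hosts and version strings are made up).
    sample = {"ws-01": "2018.009.20050", "ws-02": "17.012.20098",
              "ws-03": "2017.011.30078", "ws-04": "n/a"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `invalid` need a manual look rather than being treated as safe.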

It is gravely important to keep your systems patched and up to date, as attackers are all too aware that not all users update their systems as soon as a patch is available. WannaMine makes this point, as it is based on the EternalBlue vulnerability, which was patched in March 2017. As Adobe products are vastly popular at the business and consumer level, IT consulting clients in Ottawa, and in fact any company in Ottawa using IT, should patch their Adobe software packages immediately, as it is only a matter of time before exploitation of all the vulnerabilities patched this month will be seen in the wild.