Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Alert - Adobe Security Alert

Number: AL18-016
Date: 7 December 2018

Purpose

An ALERT is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. (The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this ALERT to recipients as requested.)

Assessment

The goal of this Alert is to bring heightened attention to a vulnerability in Adobe Flash for which there is currently a patch available. The vulnerability can be exploited by deceiving an end user into opening a maliciously-crafted Microsoft Office document file. This can lead to remote code execution on the affected computer. There are reports of spear phishing campaigns in the wild with such payloads attached to emails.

Adobe Flash Player 31.0.0.153 and earlier are affected.

CVE reference: CVE-2018-15982

Suggested Action

  • The Cyber Centre recommends that organizations update Adobe Flash at their earliest convenience.
  • Remain vigilant for unsolicited emails with attachments from people unknown to you. In such cases, do not open attachments before consulting an IT professional.
  • If the email purports to come from a known sender, ensure that the ‘from’ email address is correct.

References

Adobe Security Bulletin: https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Article: https://atr-blog.gigamon.com/2018/12/05/adobe-flash-zero-day-exploited-in-the-wild/

Note to Readers

The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.

Date modified: