Adobe Reader zero-day discovered alongside Windows vulnerability
During the first half of 2018, we have seen some particularly interesting zero-day exploits, including one for Flash (CVE-2018-4878) and, more recently, one for Internet Explorer (CVE-2018-8174). The former was quickly adopted by exploit kits such as Magnitude, and it is only a matter of time before the latter is weaponized more widely.
We can now add to that list an Adobe Reader zero-day (CVE-2018-4990), which was reported by ESET and Microsoft and has already been patched. Although it has not yet been observed in the wild, it remains a dangerous threat because it is chained with a privilege escalation vulnerability in Microsoft Windows (CVE-2018-8120, as the ESET detection name below indicates).
To exploit the Windows vulnerability, the attacker must write to an arbitrary address in kernel space, which does not work on Windows 8 and later, as newer security features prevent this kind of mapping. Both zero-days were needed together to escape the Adobe Reader sandbox, which, to its credit, has drastically improved the security of the software: malicious PDFs that were once a staple of drive-by download attacks have become almost nonexistent. Since both bugs are now patched, the practical defense is to apply the Adobe Reader and Windows updates; the indicators below only identify the specific samples ESET analyzed.
Indicators of Compromise (IoC)
| ESET detection names |
|---|
| JS/Exploit.Pdfka.QNV trojan |
| Win32/Exploit.CVE-2018-8120.A trojan |

| SHA-1 hashes |
|---|
| C82CFEAD292EECA601D3CF82C8C5340CB579D1C6 |
| 0D3F335CCCA4575593054446F5F219EBA6CD93FE |

Please refer to the ESET
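A small sweep that turns the two SHA-1 hashes above into a check you can run over a mail spool or download directory. This is an example added by the editor, not code from the original post or from ESET. It hashes every file under the given paths, reports exact matches against the published hashes, and, as a generic triage heuristic suggested by the JS/Exploit.Pdfka detection name (not a signature for this particular sample), flags PDFs that carry a /JavaScript or /JS entry. The sample PDF embedded in the block is constructed for the demo and is not the malicious file. Keep the caveat in mind: a hash match is exact, so any re-packed variant of the sample will not hit, and many legitimate forms contain JavaScript, so the PDF flag is a reason to look closer, not a verdict.

```python
"""IOC sweep for the SHA-1 hashes published above (editor's example, not the
original post's or ESET's code). Exact-match hashing plus a generic PDF
JavaScript triage flag; neither is a substitute for patching."""
import hashlib
import os
import re
import sys
from typing import Dict, Iterable, List, Tuple

# SHA-1 hashes exactly as listed in the IOC table, lower-cased for comparison.
IOC_SHA1 = {
    "c82cfead292eeca601d3cf82c8c5340cb579d1c6",
    "0d3f335ccca4575593054446f5f219eba6cd93fe",
}

# PDF name objects that introduce JavaScript actions. Their presence is a
# triage heuristic only (assumption: many benign forms also use JS).
PDF_JS_MARKERS = re.compile(rb"/(JavaScript|JS)\b")


def sha1_hex(data: bytes) -> str:
    """Hex SHA-1 of a byte string, matching the table's hash format."""
    return hashlib.sha1(data).hexdigest()


def is_ioc_hash(hex_digest: str) -> bool:
    """True if the digest matches one of the published hashes (case-insensitive)."""
    return hex_digest.lower() in IOC_SHA1


def pdf_has_javascript(data: bytes) -> bool:
    """Flag PDFs containing a JavaScript action dictionary; non-PDFs never match."""
    return data.startswith(b"%PDF") and PDF_JS_MARKERS.search(data) is not None


def classify(data: bytes) -> Dict[str, object]:
    """Run both checks on one file's contents."""
    digest = sha1_hex(data)
    return {
        "sha1": digest,
        "ioc_match": is_ioc_hash(digest),
        "pdf_javascript": pdf_has_javascript(data),
    }


def iter_files(roots: Iterable[str]) -> Iterable[str]:
    """Yield every regular file under the given files or directories."""
    for root in roots:
        if os.path.isfile(root):
            yield root
            continue
        for dirpath, _, names in os.walk(root):
            for name in names:
                yield os.path.join(dirpath, name)


def scan(roots: Iterable[str]) -> List[Tuple[str, Dict[str, object]]]:
    """Return (path, result) for every file that hit either check."""
    findings = []
    for path in iter_files(roots):
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError:
            continue  # unreadable or vanished; skip rather than abort the sweep
        result = classify(data)
        if result["ioc_match"] or result["pdf_javascript"]:
            findings.append((path, result))
    return findings


# Constructed demo input: a minimal PDF skeleton whose /OpenAction runs
# JavaScript. It is NOT the sample from the IOC table.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, res in scan(sys.argv[1:]):
            print(path, res)
    else:
        print("demo:", classify(SAMPLE_PDF))
```

Run it as `python ioc_sweep.py /path/to/downloads` to list hits, or with no arguments to see the two checks applied to the constructed sample (hash miss, JavaScript flag set).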
