Traps Prevents Adobe Flash Player Zero-Day

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Community Team Member

The Korean CERT published a security advisory on January 31 regarding a new Adobe Flash Player zero-day vulnerability (CVE-2018-4878).  On February 6th, Adobe released a patch and security bulletin to address this vulnerability. The vulnerability is a Use-After-Free (UAF) bug in Adobe tvsdk. The final goal is allegedly to download and execute a malware known as DogCall (aka ROKRAT) – an information stealing backdoor. DogCall is often delivered via malicious Hangul Word Processor (HWP) files, which is a popular application used in South Korea.

 

Check out the Unit42 blog that illustrates and explains the attack flow:

 

Attack FlowAttack Flow

 

Palo Alto Networks Traps advanced endpoint protection offers multiple methods of malware and exploit prevention to protect against such complex threats. For this threat, Traps prevents the malicious shellcode running in Excel.exe using Traps exploit prevention capabilities. In addition, Traps local analysis via machine learning prevents the malicious payload from executing.

 

AutoFocus customers can track this activity via the DogCall tag:

 

AutoFocus Tag DetailsAutoFocus Tag Details

 

Stay Secure!
-Kiwi.
  • 11293 Views
  • 0 comments
  • 1 Likes
Register or Sign-in
Labels
Top Liked Authors