Russian Hospital Targeted With Flash Zero-Day After Kerch Incident
December 05, 2018 / Eduard Kovacs
Security updates released by Adobe on Wednesday for Flash Player patch two vulnerabilities, including a critical flaw exploited by a sophisticated threat actor in attacks aimed at a healthcare organization associated with the Russian presidential administration. The attack may be related to the recent Kerch Strait incident involving Russia and Ukraine. Adobe’s advisory reveals that the exploited vulnerability, CVE-2018-15982, is a use-after-free bug that allows arbitrary code execution. The issue was patched with the release of Flash Player 126.96.36.199 for Windows, macOS, Linux and Chrome OS. The company has warned users that exploits exist in the wild, but has not shared any details.