
BREAKING — South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs and earlier. Flash is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Excel documents.

Zero-day is the work of North Korean hackers

Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day was made and deployed by North Korean threat actors and has been in use since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.

The Agency is now recommending that users disable or uninstall Adobe Flash Player from their systems until Adobe issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," an Adobe spokesperson told Bleeping Computer today via email.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode."

Article updated on February 1, 15:00 ET with comment from Adobe.

h/t DEY!
