New Adobe Flash Zero-Day Spotted in the Wild

Catalin Cimpanu

February 1, 2018
10:50 AM
3

Flash logo

BREAKING —South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Excel documents.

Zero-day is the work of North Korean hackers

Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.

Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018

The Agency is now recommending that users disable or uninstall Adobe Flash Player from their systems until Adobe issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," an Adobe spokesperson told Bleeping Computer today via email.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode."

Article updated on February 1, 15:00 ET with comment from Adobe.

h/t DEY!‏

Catalin Cimpanu

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

Occasional - 2 months ago
"...attackers are trying to infect South Koreans researching North Korea."

You don't have to think that far back, to recall "global village" voices proclaiming the internet as the means to break tyrannical and oppressive régimes. How's that been working out?
SuperSapien64 - 2 months ago
Sheesh this is one reason Adobe should open source the Flash Player.
_LC_ - 2 months ago
Some software is just such a mess that revealing the pile of junk to the public wouldn't even make a difference.

To receive periodic updates and news from BleepingComputer, please use the form below.

Latest Downloads

Windows Repair (All In One)
Version: 4.0.17

1M+ Downloads
AdwCleaner
Version: 7.1.0.0

51M+ Downloads
Malwarebytes Anti-Malware
Version: 3.4.5.2467

4M+ Downloads
Farbar Recovery Scan Tool
Version: NA

3M+ Downloads
Skype Classic
Version: 7.40.0.104

18,497 Downloads