
BREAKING: South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Excel documents.
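For triaging inbound Office attachments until a patch ships, the following added example (not from KR-CERT, Adobe or the original article) flags documents that carry an embedded SWF header or reference the Shockwave Flash ActiveX control. The function names, the size and version bounds and the sample document are assumptions constructed for illustration; a hit means Flash content is present, not that it is this exploit.

```python
import io
import struct
import zipfile

# CLSID of the Shockwave Flash ActiveX control, as text and as a binary GUID.
CLSID_TEXT = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
CLSID_BIN = bytes.fromhex("6EDB7CD26DAECF1196B8444553540000")
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA
MAX_PART = 64 * 1024 * 1024  # assumption: skip zip members declared larger than this

def find_swf_headers(data):
    """Return sorted (offset, magic, version, declared_length) of plausible SWF headers."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if pos + 8 <= len(data):
                version = data[pos + 3]
                (length,) = struct.unpack_from("<I", data, pos + 4)
                # Heuristic bounds (assumed) to discard random 3-byte matches.
                if 1 <= version <= 60 and 8 < length <= MAX_PART:
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def scan_document(blob):
    """Scan an OOXML (zip) or legacy binary Office file for embedded Flash."""
    parts = {"<raw>": blob}
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            parts = {i.filename: zf.read(i) for i in zf.infolist() if i.file_size <= MAX_PART}
    findings = []
    for name, data in parts.items():
        for off, magic, ver, length in find_swf_headers(data):
            findings.append((name, "swf-header", f"{magic} v{ver} len={length} @{off}"))
        if CLSID_BIN in data or CLSID_TEXT in data.upper():
            findings.append((name, "flash-activex", "Shockwave Flash CLSID"))
    return findings

def constructed_sample():
    """Constructed input: a zip with a dummy ActiveX part holding only an SWF header."""
    swf = b"CWS" + bytes([32]) + struct.pack("<I", 4096) + bytes(16)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/activeX/activeX1.bin", CLSID_BIN + swf)
    return buf.getvalue()
```

Legacy binary formats are scanned as raw bytes, so an SWF split across non-contiguous OLE sectors or stored in a compressed stream will not be found by this check.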

Zero-day is the work of North Korean hackers

Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day was made and deployed by North Korean threat actors and has been in use since mid-November 2017. Choi says the attackers are trying to infect South Koreans researching North Korea.

KR-CERT is now recommending that users disable or uninstall Adobe Flash Player from their systems until Adobe issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," an Adobe spokesperson told Bleeping Computer today via email.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode."

Article updated on February 1, 15:00 ET with comment from Adobe.

h/t DEY!
