Flash logo

BREAKING —South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Excel documents.

Zero-day is the work of North Korean hackers

Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.

The Agency is now recommending that users disable or uninstall Adobe Flash Player from their systems until Adobe issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," an Adobe spokesperson told Bleeping Computer today via email.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode."

Article updated on February 1, 15:00 ET with comment from Adobe.

h/t DEY!‏

Related Articles:

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative

Exploit Published for Unpatched Flaw in Windows Task Scheduler

Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day

Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities