South Korea's Computer Emergency Response Team (KR-CERT) issued an alarm Wed for a novel Flash Player zero-day vulnerability that's beingness actively exploited inwards the wild past times North Korean hackers to target Windows users inwards South Korea.
Simon Choi of South Korea-based cybersecurity theater Hauri starting fourth dimension reported the crusade on Twitter, proverb the North Korean hackers create got been using the Flash zero-day against South Koreans since mid-November 2017.
Although Choi did non part whatever malware sample or details near the vulnerability, the researcher said the attacks using the novel Flash zero-day is aimed at South Korean individuals who focus on researching North Korea.
Adobe likewise released an advisory on Wednesday, which said the zero-day is exploiting a critical 'use-after-free' vulnerability (CVE-2018-4878) inwards its Flash media software that leads to remote code execution.
- Desktop Runtime (Win/Mac/Linux)
- Google Chrome (Win/Mac/Linux/Chrome OS)
- Microsoft Edge too Internet Explorer xi (Win 10 & 8.1)
"Adobe is aware of a written report that an exploit for CVE-2018-4878 exists inwards the wild, too is beingness used inwards limited, targeted attacks against Windows users," the advisory said. "These attacks leverage Office documents amongst embedded malicious Flash content distributed via email. Adobe volition address this vulnerability inwards a release planned for the calendar week of Feb 5."
To exploit the vulnerability, all an aggressor take to practise is play a joke on victims into opening Microsoft Office documents, spider web pages, or spam messages that incorporate a maliciously crafted Adobe Flash file.
The vulnerability tin hold upwardly leveraged past times hackers to accept command of an affected computer.
Choi likewise posted a screenshot to demo that the Flash Player zero-day exploit has been delivered via malicious Microsoft Excel files.
Adobe said inwards its advisory that the society has planned to address this vulnerability inwards a "release planned for the calendar week of Feb 5," through KR-CERT advises users to disable or completely take the buggy software.
