Zero-day flaw affects every version of Adobe’s Flash Player

Attackers can persuade users to open Microsoft Office documents, web pages, and spam emails

Adobe Flash

The South Korean Computer Emergency Response Team (KR-CERT) has issued a security alert warning of a zero-day vulnerability affecting Adobe's Flash Player.

Deployed in the wild, the malicious code is said to affect the latest version of Flash (28.0.0.137) and earlier across all OS platforms, and is said to give attackers the ability to persuade users to open Microsoft Office documents, web pages, and spam emails.

Advertisement - Article continues below

The bug is also believed to come in the form of a Flash SWF file embedded in MS Word documents.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT warned.

Adobe is now recommending that users disable or uninstall Adobe Flash Player from their systems until it issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," Adobe said in its security advisory.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behaviour when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content."

Advertisement
Advertisement - Article continues below

Adobe recommended that administrators could also consider implementing Protected View for Office to help circumvent hacks as "Protected View opens a file marked as potentially unsafe in Read-only mode".

Advertisement - Article continues below

However, security expert Simon Choi of South Korean cyber firm Hauri, thinks there's much more to it than just your standard homebrew hacking. He tweeted that the zero-day flaw has been made and deployed by North Korean threat actors and used since mid-November 2017.

He added that hackers are using it to try and infect South Koreans researching North Korea.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020