Adobe Systems says it plans to address a critical zero-day vulnerability in Flash Player that a researcher asserts is being actively exploited in the wild to attack South Koreans conducting research on North Korea.
A Feb. 1 advisory from Adobe warns that the use-after-free flaw, CVE-2018-4878, can be leveraged by attackers to take control of an affected system and is being used in “limited, targeted attacks against Windows users.”
Kr-CERT/CC, South Korea's national computer emergency response team, issued a security bulletin on Wednesday, Jan. 31, stating that attackers can exploit the flaw by embedding malicious Flash content in spam, emailed Microsoft Office documents, or web pages.
Simon Choi, director of the Next Generation Security Research Center at Seoul-based computer software company Hauri, Inc. – also affiliated with South Korea's Cyber Warfare Intelligence Center (CWIC) – tweeted that the zero-day bug was first exploited by North Korea in mid-November 2017, in order to target “South Koreans who mainly do research on North Korea.”
Until a patch is distributed, Kr-CERT recommends that users remove Flash Player, avoid opening suspicious emails, and keep anti-virus programs updated. Alternatively, users may be able to limit the potential for damage by using Firefox as their browser.
Adobe warns the following products are affected: versions 220.127.116.11 and earlier of Adobe Flash Player Desktop Runtime (Windows and Mac), Adobe Flash Player for Google Chrome (Windows, Macintosh, Linux and Chrome OS), Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Windows 10 and 8.1), and Adobe Flash Player Desktop Runtime (Linux).