Threat Management, Threat Intelligence, Malware, Network Security, Patch/Configuration Management, Phishing, Vulnerability Management

Adobe releases desperately needed fix for Flash Player bug exploited by zero-day attackers

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123, which reportedly is infecting targets with the ROKRAT remote administrative tool.

Both bugs are classified as use-after-free vulnerabilities that can result in remote code execution on devices operating on the Windows, Mac, Linux or Chrome operating system.

It was Kr-CERT/CC, South Korea's national computer emergency response team, that found CVE-2018-4878, the zero-day bug reportedly leveraged by hackers. Discovery of the other flaw, CVE-2018-4877, is credited to "bo13oy" of Qihoo 360's Vulcan Team, working with Trend Micro's Zero Day Initiative.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.