Adobe has rolled out an emergency patch to address two Flash player vulnerabilities after North Korea’s APT group was spotted exploiting one of them in targeted attacks.
Last week, South Korea’s Internet & Security Agency (KISA) warned of a Flash zero-day vulnerability (CVE-2018-4878) that has reportedly been exploited in attacks by North Korea’s hackers.
According to the alert published by the KISA, the vulnerability affects the latest Flash Player version 28.0.0.137 and earlier.
The zero-day vulnerability could be exploited by an attack by tricking victims into opening a document, web page or email containing a specially crafted Flash file.
“A zero-day vulnerability has been found in Adobe Flash Player. An attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file,” reads the advisory published by the Korean CERT.
According to the researcher Simon Choi the Flash Player zero-day has been exploited by North Korea since mid-November 2017. The attackers exploited the zero-day vulnerability in attacks aimed at South Korean individuals involved in research activity on North Korea.
Hackers exploited the vulnerability to deliver a malware, in the image shared by Choi on Twitter shows that the exploit has been delivered via malicious Microsoft Excel files.
Cisco and FireEye have both been investigating, and warn that a North Korean group that they have been following for a while are likely behind this latest attack. Called TEMP.Reaper by FireEye and Group 123 by Cisco, the group with ties to North Korea was very active in 2017.
Adobe addressed the bug with an emergency patch that also fixed another remote code execution vulnerability, tracked as CVE-2018-4877, that was discovered by researchers at Qihoo 360 Vulcan Team.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.” reads the security advisory published by Adobe.
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”
The two vulnerabilities are rated critical for all supported operating systems, the unique exception is the Linux build of Adobe Flash Player Desktop Runtime.
There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to make website development easier and providing additional features not supported by standard web browsers, it also adds complexity and a much broader attack surface. Web browsers no longer support Flash by default, but users often re-enable it for convenience. And just having it installed on your system may be enough for vulnerabilities like these ones to be exploited.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Adobe Flash Player, 8)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.