Skip to main content

(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild


Another reason to uninstall Adobe Flash Player—a new zero-day Flash Player exploit has reportedly been spotted in the wild by North Korean hackers.

South Korea's Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea.

Simon Choi of South Korea-based cybersecurity firm Hauri first reported the campaign on Twitter, saying the North Korean hackers have been using the Flash zero-day against South Koreans since mid-November 2017.

Although Choi did not share any malware sample or details about the vulnerability, the researcher said the attacks using the new Flash zero-day is aimed at South Korean individuals who focus on researching North Korea.

Adobe also released an advisory on Wednesday, which said the zero-day is exploiting a critical 'use-after-free' vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution


The critical vulnerability affects Adobe Flash Player version 28.0.0.137 and earlier versions for:
  • Desktop Runtime (Win/Mac/Linux)
  • Google Chrome (Win/Mac/Linux/Chrome OS)
  • Microsoft Edge and Internet Explorer 11 (Win 10 & 8.1)

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users," the advisory said. "These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5."

To exploit the vulnerability, all an attacker need to do is trick victims into opening Microsoft Office documents, web pages, or spam messages that contain a maliciously crafted Adobe Flash file.

The vulnerability can be leveraged by hackers to take control of an affected computer.

Choi also posted a screenshot to show that the Flash Player zero-day exploit has been delivered via malicious Microsoft Excel files.

Adobe said in its advisory that the company has planned to address this vulnerability in a "release planned for the week of February 5," through KR-CERT advises users to disable or completely remove the buggy software.

YOU MAY ALSO LIKE :-

Labels:
Location: United States

Comments

Post a Comment

Popular posts from this blog

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running...
Post a Comment
Read more

Check your Gmail Account Email is Secured or Not After 50 Lacs Gmail account Hacking

World Biggest Hacking 50Lacs Gmail Account Hacked by Russian Hackers. Hack Gmail List Post in Bitsec security forum. This hacking is done in 10 September 2014. Anyone can download  5 Million hacking gmail  list . Your password is compromised publicaly.  So how do you know your account is hacked is or not. This is one of the biggest hack in Gmail account.  So hackers use your gmail account password in illegal purposes. So I recommend you to check your gmail account password. Here we provide a website to check your email in the hacking list. If your name in the hacking list ,so change your password of gmail. Check your name in Gmail Hacking list  Follow the given steps. 1 Go to this website  ISLEAKED.COM  or  haveibeenpwned.com/ 2. Type of email and click on check it. 3. Now you know your account is hacked or not. YOU MAY ALSO LIKE : Make Fake FB Account in 1 Min Without Mobile and email Facebook Moves To Decide What ...
Post a Comment
Read more

Unlocked phones vs. locked phones: Why you should care

Should you get an unlocked phone? The US wireless market is more competitive than ever, which is great news for consumers who have lots of choices when it comes choosing a service provider. But one barrier still exists when trying to switch carriers: the locked smartphone. The end of wireless contracts marked a watershed trend for consumers because it finally opened the door for them to more easily shop around for alternative wireless carriers. But the software locks that carriers put on phones restricting its use on other networks still prevent many consumers from having total freedom when it comes to choosing a provider. Now Verizon, the only wireless carrier that sold its phones unlocked out of the box, is reversing course. The company  said earlier this week  it would begin locking the phones it sells to consumers for an undetermined period of time, which will prevent them from using a SIM card from another carrier. But Verizon promised it would eventually ...
Post a Comment
Read more