BREAKING — South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.
According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 126.96.36.199 and earlier. Flash 188.8.131.52 is the current Flash version number.
“An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code,” KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents.
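For defenders triaging inbound documents for the delivery vector described above (a Flash SWF embedded in a Word document), the following is an added example, not code from the article, KR-CERT or Adobe. It flags Office files that reference the Flash ActiveX control or carry an SWF header; the function names are hypothetical, and hits are triage leads, not verdicts.

```python
import io
import struct
import zipfile

# SWF files start with FWS (uncompressed), CWS (zlib) or ZWS (LZMA),
# followed by a one-byte version and a 4-byte little-endian file length.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
# Class ID of the Shockwave Flash ActiveX control, as text (OOXML activeX
# parts) and as the mixed-endian GUID bytes stored in OLE streams.
FLASH_CLSID_TEXT = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
FLASH_CLSID_BIN = bytes.fromhex("6EDB7CD26DAECF1196B8444553540000")


def swf_offsets(blob, max_version=50):
    """Return offsets in blob that look like the start of an SWF header."""
    hits = []
    for magic in SWF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version, length = header[3], struct.unpack("<I", header[4:])[0]
                # Sanity checks cut down false positives on a 3-byte magic.
                if 1 <= version <= max_version and length >= 8:
                    hits.append(pos)
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def scan_document(data):
    """Scan raw document bytes; returns a list of (part, finding) tuples."""
    parts = {"<file>": data}                      # legacy .doc or unknown
    if zipfile.is_zipfile(io.BytesIO(data)):      # OOXML (.docx/.docm)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {n: zf.read(n) for n in zf.namelist()}
    findings = []
    for name, blob in parts.items():
        if FLASH_CLSID_TEXT in blob.upper() or FLASH_CLSID_BIN in blob:
            findings.append((name, "flash-activex-clsid"))
        for off in swf_offsets(blob):
            findings.append((name, f"swf-header@{off}"))
    return findings
```

An SWF stored inside a compressed or encrypted stream will not match, so an empty result does not clear a file.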
Zero-day is the work of North Korean hackers
Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day was created and deployed by North Korean threat actors and has been in use since mid-November 2017. Choi says the attackers are trying to infect South Koreans researching North Korea.
A Flash 0day vulnerability made by North Korea has been used since mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018
The agency (KR-CERT) is now recommending that users disable or uninstall Adobe Flash Player from their systems until Adobe issues a patch.
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5,” an Adobe spokesperson told Bleeping Computer today via email.
“Beginning with Flash Player 27, administrators…