ADOBE HAS FINALLY patched a zero-day vulnerability in its Flash player that has been North Korean hacking groups have reportedly been exploiting since November.
After the flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens of the bug. Codenamed CVE-2018-4878, it was thought to allow hackers to take advantage of Office documents with embedded malicious Flash content distributed via email.
The South Korean authorities believed that hackers associated with the authoritarian government in Pyongyang were using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.
Simon Choi, a security researcher based in South Korea, has spent much of his time, recently, exploring the flaw and said last week he believes North Korean hackers first started using the flaw as long ago as November 2017.
“Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea,” he wrote on Twitter at the time.
After acknowledging the flaw last week, Adobe has finally published an updated advisory, issuing a fix for the problem. It states that it was “aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users”.
“These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 22.214.171.124 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system,” Adobe continued.
Along with the fix to CVE-2018-4878, Adobe’s latest release also fixes CVE-2018-4877, which is also rated critical and can enable attackers to execute code remotely. The discovery of this flaw is credited to “bo13oy” of Qihoo 360’s Vulcan Team, working alongside Trend Micro’s Zero Day Initiative.
However, Adobe reckons the latter vulnerability hasn’t yet been used in any known attacks. µ
Source : Inquirer