South Korea’s Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that’s being actively exploited in the wild by North Korean hackers to target Windows users in South Korea.
Although Choi did not share any malware sample or details about the vulnerability, the researcher said the attacks using the new Flash zero-day is aimed at South Korean individuals who focus on researching North Korea.
Adobe also released an advisory on Wednesday, which said the zero-day is exploiting a critical ‘use-after-free’ vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution.
The critical vulnerability affects Adobe Flash Player version 28.0.0.137 and earlier versions for:
- Desktop Runtime (Win/Mac/Linux)
- Google Chrome (Win/Mac/Linux/Chrome OS)
- Microsoft Edge and Internet Explorer 11 (Win 10 & 8.1)
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” the advisory said. “These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5.“
The vulnerability can be leveraged by hackers to take control of an affected computer.
Choi also posted a screenshot to show that the Flash Player zero-day exploit has been delivered via malicious Microsoft Excel files.
Adobe said in its advisory that the company has planned to address this vulnerability in a “release planned for the week of February 5,” through KR-CERT advises users to disable or completely remove the buggy software.