Zero-Day Adobe Flash Vulnerability Used Against South Korean Targets

Adobe's Flash has a new security flaw. In other news, water is wet.

Joking aside, the vulnerability is fairly serious. It was first reported by the South Korean Computer Emergency Response Team (CERT) on Wednesday, and it allows remote code execution through all currently available versions of Flash on Windows, MacOS, Linux, and Chrome OS. The vulnerability has been assigned its own CVE identifier, CVE-2018-4878, and Adobe said it will fix it on February 5.

Simon Choi, a researcher working for a South Korean company called Hauri, has already seen the exploit in action. The screenshot he posted on Twitter shows a Flash object sitting inside a cell in an Excel spreadsheet, but it's not yet clear whether the user has to manually click on it to activate the exploit.

In any case, this type of attack could prove to be more effective than old-fashioned macros for two reasons. The first one is obvious: macro-laced malicious documents have been so prolific that users are more or less aware of the dangers associated with them.

The second advantage of CVE-2018-4878 is that it requires less user interaction. By default, Office documents downloaded from the Internet are opened in Protected View. To edit them, the potential victims need to manually disable the read-only mode. If there are macro instructions, the user will also need to click a few more buttons to allow code execution. With CVE-2018-4878, the victims just need to disable Protected View.
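One way a defender could triage spreadsheets for the embedded Flash object described above, as an added example that is not from the original article, Hauri, or the South Korean CERT. It assumes an OOXML (.xlsx) ZIP container; the part names and sample bytes are constructed, and the SWF version bound is a heuristic chosen for this sketch.

```python
import io
import struct
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
CLSID_TEXT = str(FLASH_CLSID).encode()   # lowercase text form, as seen in XML parts
CLSID_BIN = FLASH_CLSID.bytes_le         # mixed-endian form used in COM/OLE binary data
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")    # uncompressed, zlib and LZMA SWF signatures

def swf_offsets(data):
    """Offsets where a plausible SWF header (magic, version, length) starts."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if pos + 8 <= len(data):
                version, length = struct.unpack_from("<xxxBI", data, pos)
                if 1 <= version <= 50 and length >= 8:  # heuristic sanity bounds
                    hits.append(pos)
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def scan_ooxml(blob):
    """Return {part name: [findings]} for an OOXML (ZIP) document."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            found = []
            if CLSID_TEXT in data.lower() or CLSID_BIN in data:
                found.append("flash-activex-clsid")
            if swf_offsets(data):
                found.append("embedded-swf")
            if found:
                findings[name] = found
    return findings

def constructed_sample():
    """Constructed, harmless ZIP: a CLSID reference and a bare 8-byte SWF header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/activeX/activeX1.xml",
                    '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>')
        zf.writestr("xl/activeX/activeX1.bin",
                    b"\x00" * 16 + b"CWS" + struct.pack("<BI", 32, 4096))
    return buf.getvalue()
```

Legacy binary .xls files are OLE compound documents rather than ZIP archives, so they would need an OLE parser in front of the same two checks.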

According to Mr. Choi, the zero-day was discovered by North Korean hackers, and it has been used against South Koreans researching the communist regime. The documents apparently started flying around in mid-November, and the targeted nature of the attack shows that most of the regular users weren't affected. Nevertheless, with the public knowledge of a yet-to-be-patched vulnerability, hackers are bound to search for it, and if they find it before you get to update your Flash player, they could weaponize it in a more widespread campaign.

So, if you're using Flash, make sure you update it as soon as February 5's update comes out. If you're not using it, do the sensible thing, and remove it from your computer.