Adobe Patches Flash Player 0-Day Allegedly Exploited in the Wild by North Korean Hackers
After researchers and authorities warned against an Adobe Flash Player vulnerability being used in the wild, the company had promised to deliver a patch this week. Adobe Flash Player version 18.104.22.168 has been released today to fix the flaws exploited by the attackers in the version 22.214.171.124 and earlier.
In its updated advisory, Adobe said that the company is “aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users.” The attack that was reported in an earlier piece leverages Office documents with embedded malicious Flash content distributed via email. Along with CVE-2018-4878, the latest release also fixes CVE-2018-4877 – both rated critical and can enable attackers to execute code remotely. The later was reported to Adobe by bo13oy of Qihoo 360 working with Trend Micro’s Zero Day Initiative (ZDI). Adobe believes this vulnerability hasn’t been used in any known attacks.
Flash bug was first reported by South Korean authorities and researchers
Last week, the South Korean Computer Emergency Response Team (KR-CERT) had issued a warning against targeted attacks that were exploiting a previously undisclosed Flash Player zero-day vulnerability. In its warning, KR-CERT said that an “attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file.”
South Korean researchers had claimed that North Korean threat actors have been exploiting this Flash Player zero day since mid November, 2017, primarily targeting South Korean researchers focused on North Korea.
FireEye later also said that based on IP addresses used to access command and control (C&C) servers, it is likely attackers are in North Korea. “The majority of their targeting has been South Korea focused, targeting the government, military, and defense industrial base as well as other industry,” FireEye wrote. “They have also taken an interest in predictable North Korean interests such as unification efforts and defectors.”