Zero-day flaw affects every version of Adobe’s Flash Player

Adobe Flash

The South Korean Computer Emergency Response Team (KR-CERT) has issued a security alert warning of a zero-day vulnerability affecting Adobe's Flash Player.

Deployed in the wild, the malicious code is said to affect the latest version of Flash (28.0.0.137) and earlier across all OS platforms, and is said to give attackers the ability to persuade users to open Microsoft Office documents, web pages, and spam emails.

The bug is also believed to come in the form of a Flash SWF file embedded in MS Word documents.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT warned.

Adobe is now recommending that users disable or uninstall Adobe Flash Player from their systems until it issues a patch.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. We plan to address this in a release scheduled for the week of February 5," Adobe said in its security advisory.

"Beginning with Flash Player 27, administrators have the ability to change Flash Player's behaviour when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content."

Adobe recommended that administrators could also consider implementing Protected View for Office to help circumvent hacks as "Protected View opens a file marked as potentially unsafe in Read-only mode".

However, security expert Simon Choi of South Korean cyber firm Hauri, thinks there's much more to it than just your standard homebrew hacking. He tweeted that the zero-day flaw has been made and deployed by North Korean threat actors and used since mid-November 2017.

He added that hackers are using it to try and infect South Koreans researching North Korea.