After the North Korea’s APT group was noticed exploiting the CVE-2018-4878 vulnerability in targeted attacks, Adobe released an emergency patch to fix it. The patch addressed two critical Flash player vulnerabilities, including the CVE-2018-4878 flaw.
About a week ago, the South Korea’s Internet & Security Agency (KISA) alerted users of a Flash zero-day vulnerability (CVE-2018-4878) which has been exploited by North Korean hackers. The alert published by the KISA stated that the flaw affects the latest Flash Player version 126.96.36.199 and earlier.
The attack could exploit the zero-day vulnerability by making victims opening a document, web page or email that contains a specially created Flash file.
“A zero-day vulnerability has been found in Adobe Flash Player. An attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file,” the advisory published by CERT states.
The security expert Simon Choi claims that the Flash Player zero-day has been exploited by North Korea since November, last year. The hackers exploited the zero-day flaw in attacks targeting South Korean users who participated in researches on North Korea.
The attackers exploited the security flaw to distribute malware via malicious Microsoft Excel files.
According to FireEye and Cisco, behind the latest cyber attack is a North Korean group that they have been following for a while. The hackers group is called TEMP.Reaper and it’s been related to North Korea since last year.
The emergency patch released by Adobe addressed the recent flaw and fixed the CVE-2018-4877 remote code execution vulnerability, found by Qihoo 360 Vulcan Team.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 188.8.131.52 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.” the Adobe security advisory states.
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”
The two security flaws are rated critical for all supported operating systems, and the only unique exception is the Linux build of Adobe Flash Player Desktop Runtime.