Adobe rolled out an emergency patch that fixed CVE-2018-4878 flaw exploited by North Korea

cyber

Adobe rolled out an emergency patch that fixed two critical remote execution vulnerabilities, including the CVE-2018-4878 flaw exploited by North Korea.

Adobe has rolled out an emergency patch to address two Flash player vulnerabilities after North Korea’s APT group was spotted exploiting one of them in targeted attacks.

Last week, South Korea’s Internet & Security Agency (KISA) warned of a Flash zero-day vulnerability (CVE-2018-4878) that has reportedly been exploited in attacks by North Korea’s hackers.

According to the alert published by the KISA, the vulnerability affects the latest Flash Player version 28.0.0.137 and earlier.

The zero-day vulnerability could be exploited by an attack by tricking victims into opening a document, web page or email containing a specially crafted Flash file.

“A zero-day vulnerability has been found in Adobe Flash Player. An attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file,” reads the advisory published by the Korean CERT.

According to the researcher Simon Choi the Flash Player zero-day has been exploited by North Korea since mid-November 2017. The attackers exploited the zero-day vulnerability in attacks aimed at South Korean individuals involved in research activity on North Korea.

Hackers exploited the vulnerability to deliver a malware, in the image shared by Choi on Twitter shows that the exploit has been delivered via malicious Microsoft Excel files.

To read the original article:

http://securityaffairs.co/wordpress/68785/hacking/cve-2018-4878-adobe-flash.html

 

Laisser un commentaire

Next Post

MacUpdate Hacked to Distribute Mac Cryptocurrency Miner

Another day, another cryptocurrency miner targeting users – This time, MacUpdate site has been hacked to drop cryptocurrency miner on Mac devices. MacUpdate, a well-known software download, and aggregator platform, has become a victim of a hack attack and the service is now distributing cryptocurrency miners to Mac users, revealed […]