Adobe Flash Player 0-day Found in the Wild

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-036-001
Countries: CN, IN
Report Date: 20180204

On 31 January 2018, South Korea’s Computer Emergency Response Team (KR-CERT) published an advisory [1] about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory [2] confirming that the vulnerability exists in Adobe Flash Player. The vulnerability is tracked as CVE-2018-4878.

Impact

The vulnerability exists in version 28.0.0.137 and earlier as detailed in the table below:

Product                                                        | Operating Environment          | Affected Versions
---------------------------------------------------------------|--------------------------------|-----------------------
Adobe Flash Player Desktop Runtime                             | Windows, Mac, Linux            | 28.0.0.137 and earlier
Adobe Flash Player for Google Chrome                           | Windows, Mac, Linux, Chrome OS | 28.0.0.137 and earlier
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | Windows 10, 8.1                | 28.0.0.137 and earlier

Successful exploitation of the vulnerability could allow attackers to take control of the target’s computer. Cyber researchers first reported the campaign on Twitter, saying that North Korean hackers have been using the Flash zero-day against South Koreans since mid-November 2017. [3]

Mitigation and Prevention Strategies

A patch is expected in the release planned for 5 February 2018. In the meantime, users should take the following steps to avoid infection by malware that uses this vulnerability:

  • Uninstall Adobe Flash Player until the patch arrives.
  • Open documents in MS Office Protected View.
  • Avoid visiting untrusted websites.
  • Avoid opening unknown and suspicious emails and documents.
  • Use an updated antivirus program.
  • Disable Flash in browsers.
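
The affected-version threshold from the table above (28.0.0.137 and earlier) can be applied to a software inventory to find the hosts where Flash should be removed or disabled. The following is an added example, not part of the original report; the CSV column names, host names and sample versions are constructed assumptions. It compares versions numerically because a plain string comparison would rank 9.x above 28.x and miss old installs.

```python
import csv
import io

# Last affected build per the report's table: 28.0.0.137 and earlier.
LAST_AFFECTED = (28, 0, 0, 137)


def parse_version(text):
    """Turn '28.0.0.137' or '28,0,0,137' into a tuple of four ints, or None."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return (affected, unparsed) lists of (host, product, version) rows."""
    affected, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        entry = (row["host"], row["product"], row["version"])
        version = parse_version(row["version"])
        if version is None:
            unparsed.append(entry)      # review by hand rather than assume safe
        elif version <= LAST_AFFECTED:  # numeric tuple compare, not string compare
            affected.append(entry)
    return affected, unparsed


# Constructed sample inventory (hypothetical hosts; column names are assumptions).
SAMPLE = """host,product,version
ws-001,Flash Player Desktop Runtime,28.0.0.137
ws-002,Flash Player for Google Chrome,"28,0,0,126"
ws-003,Flash Player Desktop Runtime,9.0.124.0
ws-004,Flash Player for Edge/IE11,29.0.0.100
ws-005,Flash Player Desktop Runtime,unknown
"""

if __name__ == "__main__":
    affected, unparsed = triage(SAMPLE)
    for host, product, version in affected:
        print(f"AFFECTED  {host}  {product}  {version}")
    for host, product, version in unparsed:
        print(f"REVIEW    {host}  {product}  {version}")
```

Rows whose version cannot be parsed are returned separately so they are reviewed by hand instead of being treated as unaffected.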

Contact Wapack Labs for more information: 603-606-1246, or feedback@wapacklabs.com.

 

[1] https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998

[2] https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

[3] https://twitter.com/issuemakerslab/status/959006385550778369
