TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: II
Serial: TR-18-036-001
Countries: CN, IN
Report Date: 20180204
Adobe Flash Player 0-day Found in the Wild
On 31 January 2018, South Korea’s Computer Emergency Response Team (KR-CERT) published an advisory [1] about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory [2] confirming that the vulnerability exists in Adobe Flash Player. The vulnerability is tracked as CVE-2018-4878.
Impact
The vulnerability exists in versions 28.0.0.137 and earlier, as detailed in the table below:
Product | Operating Environment | Affected Versions |
Adobe Flash Player Desktop Runtime | Windows, Mac, Linux | 28.0.0.137 and earlier |
Adobe Flash Player for Google Chrome | Windows, Mac, Linux, Chrome OS | 28.0.0.137 and earlier |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | Windows 10, 8.1 | 28.0.0.137 and earlier |
Successful exploitation of the vulnerability could allow attackers to take control of the target’s computer. Cyber researchers first reported the campaign on Twitter, saying that North Korean hackers had been using the Flash zero-day against South Koreans since mid-November 2017. [3]
Mitigation and Prevention Strategies
A patch is expected in the release planned for 5 February 2018. In the meantime, users should take the following steps to avoid infection by malware exploiting this vulnerability:
- Uninstall Adobe Flash Player until the patch arrives
- Open documents in MS Office Protected View
- Avoid visiting untrusted websites
- Avoid opening unknown and suspicious emails and documents
- Use an updated antivirus program
- Disable Flash in browsers
Contact Wapack Labs for more information: 603-606-1246, or feedback@wapacklabs.com.
[1] https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998
[2] https://helpx.adobe.com/security/products/flash-player/apsa18-01.html
[3] https://twitter.com/issuemakerslab/status/959006385550778369