Adobe: Unpatched Flash Bug Has Been Used In Attacks Since November

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

The latest security issue with Flash Player has been exploited by North Korean attackers in targeted hacks since late last year, researchers say

HSBC, securityAdobe has said it plans to release an emergency patch this week for a flaw in Flash Player that attackers are said to have been using to carry out hacks since November.

South Korea’s Computer Emergency Response Team (KR-CERT) discovered the bug and reported it to Adobe, the company said.

KR-CERT released a public advisory last week warning hackers were exploiting the bug via Microsoft Office documents, web pages or email messages containing malicious Flash files.

The attackers using the bug are based in North Korea and have been using it since November of last year to target South Korean researchers involved in projects that focus on the North, according to Simon Choi, director of the security research centre operated by Seoul-based antivirus company Hauri.

In use for months

“Flash 0day vulnerability… made by North Korea used from mid-November 2017,” he said in a post on Twitter. “They attacked South Koreans who mainly do research on North Korea.”

Adobe confirmed it was aware of reports of “limited, targeted attacks” on Windows systems.

“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” the company said in an advisory. “These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

The firm ranked the bug “critical” and said it could be used to exploit malicious code of the attacker’s choice on a system, effectively taking it over. The alert represents Adobe’s first Flash security issue of this year.

Security weak spot

Adobe is scheduled to release a set of regular monthly patches next week, but is bringing the Flash patch forward due to its seriousness.

Security experts advised users to uninstall Flash Player or set it to play content only when activated by the user.

Flash Player has become a notoriously popular target for hackers in recent years, due in part to the fact that it’s included with popular browsers, giving it a broad installed presence on computer systems.

The resulting security problems contributed to Adobe’s decision last year to phase the platform out by 2020.

Do you know all about security? Try our quiz!