Hacker News

(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild

flash-zero-dy-exploit

Another reason to uninstall Adobe Flash Player—a new zero-day Flash Player exploit has reportedly been spotted in the wild by North Korean hackers.

South Korea’s Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that’s being actively exploited in the wild by North Korean hackers to target Windows users in South Korea.

Simon Choi of South Korea-based cybersecurity firm Hauri first reported the campaign on Twitter, saying the North Korean hackers have been using the Flash zero-day against South Koreans since mid-November 2017.

Although Choi did not share any malware sample or details about the vulnerability, the researcher said the attacks using the new Flash zero-day is aimed at South Korean individuals who focus on researching North Korea.

Adobe also released an advisory on Wednesday, which said the zero-day is exploiting a critical ‘use-after-free’ vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution.