Adobe has finally got round to patching a Flash zero-day security flaw that has been exploited by hackers linked with North Korea since at least November.
Indeed, the company has only just issued a warning about it, despite having been warned last year, while the patch won't be issued until Monday.
Cyber security researchers and South Korean authorities have long warned that cyber attackers based in the North have been tapping into a new Adobe Flash zero day flaw.
They believe that hackers associated with the authoritarian government in Pyongyang are using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.
After the serious flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens that an "attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file".
Attackers have been embedding a dodgy Flash SWF file into seemingly innocent looking Word and Excel documents in order to infect victims' computers. But the researchers have slammed Adobe for not doing enough to tackle the flaw.
During this time, Adobe has not offered much insight into the flaw, but experts at KR-CERT have offered recommendations, while Adobe works on a patch. They include removing Flash Player completely and using the Firefox web browser.
Simon Choi, a security researcher based in South Korea, has spent much of his time exploring the flaw. He believes that North Korean hackers first started using the flaw in November 2017.
"Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea," he wrote on Twitter yesterday.
Adobe has finally got round to issuing an advisory based on the flaw (CVE-2018-4878), which is rated as critical. The company promised to release a patch on 5 February.
"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users," it explained.
"These attacks leverage Office documents with embedded malicious Flash content distributed via email."
New regulation expected to cut greenhouse gas emissions by about 17 million metric tonnes between 2020 and 2050
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime