Adobe has finally got round to patching a Flash zero-day security flaw that has been exploited by hackers linked with North Korea since at least November.
Indeed, the company has only just issued a warning about it, despite having been warned last year, while the patch won't be issued until Monday.
Cyber security researchers and South Korean authorities have long warned that cyber attackers based in the North have been tapping into a new Adobe Flash zero day flaw.
They believe that hackers associated with the authoritarian government in Pyongyang are using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.
After the serious flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens that an "attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file".
Attackers have been embedding a dodgy Flash SWF file into seemingly innocent looking Word and Excel documents in order to infect victims' computers. But the researchers have slammed Adobe for not doing enough to tackle the flaw.
During this time, Adobe has not offered much insight into the flaw, but experts at KR-CERT have offered recommendations, while Adobe works on a patch. They include removing Flash Player completely and using the Firefox web browser.
Simon Choi, a security researcher based in South Korea, has spent much of his time exploring the flaw. He believes that North Korean hackers first started using the flaw in November 2017.
"Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea," he wrote on Twitter yesterday.
Adobe has finally got round to issuing an advisory based on the flaw (CVE-2018-4878), which is rated as critical. The company promised to release a patch on 5 February.
"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users," it explained.
"These attacks leverage Office documents with embedded malicious Flash content distributed via email."
Nanocrystals embedded in glass or a polymer could be the next step for nano-crystal storage method
Space Telescope to be used as part of the organisation's Transiting Exoplanet Survey Satellite
Second quarter PC sales up by 2.7 per cent, suggests IDC
Apple updates MacBook Pro with Coffee Lake CPUs, 32GB memory and up to 4TB storage - at a price, of course
A maxxed out MacBook Pro will cost a mere £6,209