Adobe has finally got round to patching a Flash zero-day security flaw that has been exploited by hackers linked with North Korea since at least November.
Indeed, the company has only just issued a warning about it, despite having been warned last year, while the patch won't be issued until Monday.
Cyber security researchers and South Korean authorities have long warned that cyber attackers based in the North have been tapping into a new Adobe Flash zero-day flaw.
They believe that hackers associated with the authoritarian government in Pyongyang are using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.
After the serious flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens that an "attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file".
Attackers have been embedding a dodgy Flash SWF file into seemingly innocent-looking Word and Excel documents in order to infect victims' computers. But the researchers have slammed Adobe for not doing enough to tackle the flaw.
During this time, Adobe has not offered much insight into the flaw, but experts at KR-CERT have offered recommendations while Adobe works on a patch. They include removing Flash Player completely and using the Firefox web browser.
Simon Choi, a security researcher based in South Korea, has spent much of his time exploring the flaw. He believes that North Korean hackers first started using the flaw in November 2017.
"Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea," he wrote on Twitter yesterday.
Adobe has finally got round to issuing an advisory on the flaw (CVE-2018-4878), which is rated as critical. The company promised to release a patch on 5 February.
"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users," it explained.
"These attacks leverage Office documents with embedded malicious Flash content distributed via email."
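A defender-side check for the delivery method described above, as an added example that is not from the article, Adobe or KR-CERT: it scans an Office file for embedded SWF headers (the `FWS`, `CWS` and `ZWS` signatures), unpacking OOXML parts first because they are stored compressed. The sample document, its part name and the version and length sanity limits are constructed assumptions.

```python
import io
import struct
import zipfile

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA

def find_swf_headers(blob):
    """Return (offset, signature, version, declared_length) per plausible SWF header."""
    hits = []
    for magic in SWF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # Assumed sanity limits to cut false positives from random 3-byte matches.
                if 1 <= version <= 60 and 8 < length < 100 * 1024 * 1024:
                    hits.append((pos, magic.decode(), version, length))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def scan_document(data):
    """Scan an Office file (OOXML zip or legacy binary) for embedded SWF headers."""
    findings = {}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits = find_swf_headers(zf.read(name))
                if hits:
                    findings[name] = hits
    else:
        hits = find_swf_headers(data)
        if hits:
            findings["<raw file>"] = hits
    return findings

def build_sample(with_swf):
    """Constructed sample: a minimal zip laid out like a .docx, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_swf:
            fake_swf = b"CWS" + bytes([28]) + struct.pack("<I", 4096) + b"\x00" * 32
            zf.writestr("word/activeX/activeX1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 60 + fake_swf)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_document(build_sample(True)), scan_document(build_sample(False)))
```

A hit is a triage signal rather than a verdict: it shows that the document carries Flash content, which is rarely expected in mail attachments.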