Adobe has finally released a critical security update patching a zero-day vulnerability in its Flash player that has been linked to North Korean government hacking groups and reportedly exploiting since November.
After the flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens of the bug. Code-named CVE-2018-4878, it was thought to allow hackers to take advantage of Office documents with embedded malicious Flash content distributed via email.
The South Korean authorities believed that hackers associated with the authoritarian government in Pyongyang were using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.
Simon Choi, a security researcher based in South Korea, has spent much of his time, recently, exploring the flaw and said last week he believes North Korean hackers first started using the flaw as long ago as November 2017.
"Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea," he wrote on Twitter at the time.
After acknowledging the flaw last week, Adobe has finally published an updated advisory, issuing a fix for the problem, stating it was "aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users".
It continued: "These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 220.127.116.11 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system."
Along with the fix to CVE-2018-4878, Adobe's latest release also fixes CVE-2018-4877, which is also rated critical and can enable attackers to execute code remotely. The discovery of this flaw is credited to "bo13oy" of Qihoo 360's Vulcan Team, working alongside Trend Micro's Zero Day Initiative.
However, Adobe reckons the latter vulnerability hasn't yet been used in any known attacks.
The flight will take off from California's Mojave Air and Space Port and could happen as soon as 13th December
Earth was showered with heavy particles called muons, which could have caused mutations and cancer in animals
Uber manager raised concerns about self-driving vehicle programme five days before fatal Uber crash in Arizona
Uber manager complained about series of near misses by autonomous vehicles that had not been properly investigated
Privilege escalation bug already being exploited in the wild