South Korean authorities and Adobe have both released security warnings about Adobe Flash. A zero-day exploit for Adobe Flash Player has been detected in the wild.
Korea CERT warning about Adobe Flash Player
In this security bulletin, Korea CERT issued a warning about Adobe Flash Player. A zero-day vulnerability has been found in Adobe Flash Player. An attacker can trick a user into opening a Microsoft Office document, a web page, or a spam mail with a Flash file attachment.
Adobe Flash Player ActiveX 126.96.36.199.137 and earlier versions are vulnerable. This is the current version of Flash Player; the ActiveX control is vulnerable whether it runs in the browser or in other programs.
Adobe issued an Advisory
Adobe has now also released Security Advisory APSA18-01 for Flash Player. CVE-2018-4878 is a use-after-free vulnerability that allows remote code execution. All existing Flash versions are affected. Adobe plans to release a fix next week (February 5, 2018).
What can I do?
Until a security patch for this vulnerability in Flash Player is released by Adobe, Korea CERT suggests uninstalling Flash from the Control Panel – Uninstall program.
However, this is not possible in Windows 8.1 and Windows 10. Here I suggest going through the notes in my blog post "Flash-Player in Windows 8, 8.1, 10 disable Flash-Player". There you will find a description of the registry entries that disable the ActiveX control in Internet Explorer, and of how to block Flash using group policy. I've discussed several ways in my blog post "How to disable Adobe Flash Player in Windows 8, 8.1, 10".
Korea CERT also made the following suggestions:
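One way to audit and set the Internet Explorer kill bit for the Flash ActiveX control, as an added example that is not code from this post or the linked articles. The class ID and the `Compatibility Flags` value 0x400 are the standard Windows kill-bit mechanism rather than values taken from this page, and the `-Apply` switch is a name chosen for this example.

```powershell
# Added example: report, and with -Apply set, the IE kill bit for Flash ActiveX.
# Writing under HKLM requires an elevated PowerShell session.
[CmdletBinding()]
param([switch]$Apply)   # hypothetical switch name; without it the script only reports

# Class ID of the Flash Player ActiveX control (Shockwave Flash Object).
$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
# "Compatibility Flags" bit that stops Internet Explorer from instantiating a control.
$KillBit = 0x400

# 64-bit Windows keeps a separate registry view for 32-bit processes; cover both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # the 32-bit view is absent on 32-bit Windows

    $key   = Join-Path $root $FlashClsid
    $flags = 0
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    $blocked = ($flags -band $KillBit) -ne 0

    if ($Apply -and -not $blocked) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Keep any other compatibility flags that are already set on the key.
        $flags = $flags -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
        $blocked = $true
    }

    # One result object per registry view, so the state can be logged or filtered.
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = $blocked
    }
}
```

The kill bit only affects hosts that honor it, such as Internet Explorer; other browsers need Flash disabled in their own settings.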
- Don’t trust a web site
- Don’t open attachments from unknown e-mail senders
- Keep your antivirus up to date and enable real time protection
Korea CERT also suggests avoiding Internet Explorer (IE) and Google Chrome and using Firefox until an update is available. But my impression is that this advice is not too helpful. Disabling Adobe Flash, as outlined above, is the better way.
Who’s behind this attack?
According to Bleeping Computer, North Korea is behind this attack. Bleeping Computer cites Simon Choi, a security researcher from Hauri Inc., a South Korean security firm, who says the zero-day exploit was developed by North Korean hackers and has been in use since mid-November 2017.
Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018