New Adobe Flash Zero-Day exploit in the wild

South Korean authorities and Adobe have both released security warnings about Adobe Flash: a zero-day exploit for Adobe Flash Player has been detected in the wild.


Korea CERT warning about Adobe Flash Player

In a security bulletin, Korea CERT issued a warning about Adobe Flash Player: a zero-day vulnerability has been found in it. An attacker can trick a user into opening a Microsoft Office document, a web page, or a spam mail with a Flash file attachment.

Adobe Flash Player ActiveX and earlier versions are vulnerable. This is the current version of Flash Player; the ActiveX element is vulnerable in the browser or in other programs.

Adobe issued an Advisory

Adobe has now also released Security Advisory APSA18-01 for Flash Player. CVE-2018-4878 is a use-after-free vulnerability that allows remote code execution. All existing Flash versions are affected. Adobe plans to release a fix next week (February 5, 2018).

What can I do?

Until a security patch for this vulnerability in Flash Player is released by Adobe, Korea CERT suggests uninstalling Flash from the Control Panel – Uninstall program.

However, this is not possible in Windows 8.1 and Windows 10. Here I suggest going through the notes in my blog post "Flash-Player in Windows 8, 8.1, 10 disable Flash-Player". There you will find a description of the registry entries to disable the ActiveX element in Internet Explorer or to block Flash using group policy. I've discussed several ways in my blog post "How to disable Adobe Flash Player in Windows 8, 8.1, 10".


Korea CERT also made the following suggestions:

  • Don't trust a web site
  • Don't open attachments from unknown e-mail senders
  • Keep your antivirus up to date and enable real time protection

Korea CERT also suggests avoiding Internet Explorer (IE) and Google Chrome and using Firefox until an update is available. But my impression is that this advice is not too helpful. Disabling Adobe Flash, as outlined above, is a better way.

Who's behind this attack?

According to Bleeping Computer, North Korea is behind this attack. Bleeping Computer cites Simon Choi, a security researcher at Hauri Inc., a South Korean security firm, who says the zero-day exploit was developed by North Korean hackers and has been in use since mid-November 2017.

Similar articles:
Windows 10 V1703: Flash won't work in Edge
How to disable Adobe Flash Player in Windows 8, 8.1, 10
