Security Alert for users of Adobe flash player.
A new zero-day flash player exploit has reportedly been spotted in the wild by North Korean hackers.
A zero-day vulnerability, also known as a computer zero-day, is a flaw in the software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. It may refer to the vulnerability itself, or it may refer to a zero-day exploit, an attack that uses the zero-day vulnerability to attack vulnerable systems.
The zero-day exploit is an attack that exploits a previously unknown security vulnerability. A zero-day attack is also sometimes defined as an attack that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.
Adobe Flash Player now suffering from brand New Zero-day vulnerability with high severity rate and researchers believes that it cause a Severe impact on ActiveX Support browsers which leads to compromise the Windows PC.
Zero-day vulnerabilities are referred to attacks on vulnerabilities that have not been patched or made public.
This critical Zero-day vulnerability is presenting in current Adobe Flash Player ActiveX 18.104.22.168 and earlier versions.
South Korea’s Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that’s being actively exploited in the wild by North Korean hackers to target Windows users in South Korea.
Adobe also released an advisory on Wednesday, which said the zero-day is exploiting a critical ‘use-after-free’ vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution.
To exploit the vulnerability, all an attacker need to do is trick victims into opening Microsoft Office documents, web pages, or spam messages that contain a maliciously crafted Adobe Flash file.
The vulnerability can be leveraged by hackers to take control of an affected computer.
Temporary Mitigation for this Zero-day Vulnerability
- Remove the flash player from computer Until Adobe releases a security patch for the vulnerability.
- Do not trust the website Scion visits and the source does not open an unknown email attachment viewing prohibited and links
- Keep the latest updates of antivirus programs, and enable real-time monitoring
- Use Firefox until a patch is available