
SANS ISC: Adobe Flash 0-Day Used Against South Korean Targets - SANS Internet Storm Center SANS ISC InfoSec Forums


Adobe Flash 0-Day Used Against South Korean Targets

The Korean CERT announced that it is aware of a so far unpatched Adobe Flash vulnerability that is being exploited in targeted attacks [1]. All versions of Adobe Flash Player, including 28.0.0.137, are vulnerable. Version 28.0.0.137 was released in January as part of Adobe's normal Patch Tuesday. Adobe has not yet released an advisory, and the only confirmation so far is a Twitter post from a Korean security researcher [2]. [See the update below about Adobe's advisory.]

According to KrCERT's advisory, the exploit can be included in a Microsoft Office document or a web page. As a workaround, KrCERT recommends disabling or uninstalling the Flash Player. Firefox does not appear to be vulnerable to the web-based exploit.

Update: Adobe just released a security advisory [3]. The vulnerability, CVE-2018-4878, will be fixed with next week's update.

[1] https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998
[2] https://twitter.com/issuemakerslab/status/959006385550778369
[3] https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
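
For teams deciding where to apply the disable/uninstall workaround first, the following added example (not part of the original diary and not code from KrCERT or Adobe) triages a software inventory against the version stated above. The CSV layout, hostnames, and status labels are assumptions made for illustration.

```python
import csv
import io
from typing import Dict, List, Optional, Tuple

# From the diary: all Flash Player versions including 28.0.0.137 are vulnerable.
# Read here as "every build at or below 28.0.0.137" (assumption of this example).
LAST_KNOWN_VULNERABLE = (28, 0, 0, 137)

# Constructed sample inventory; hosts and versions are made up.
SAMPLE_INVENTORY = """\
host,flash_version
ws-001,28.0.0.137
ws-002,27.0.0.187
ws-003,
ws-004,28.0.0.999
ws-005,28.0.0
ws-006,not-a-version
"""

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return an (a, b, c, d) tuple, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text: str) -> str:
    """Map one inventory value to a triage status."""
    if not version_text.strip():
        return "not_installed"
    version = parse_version(version_text)
    if version is None:
        return "unparsed"  # fail safe: needs manual review, never assumed clean
    if version <= LAST_KNOWN_VULNERABLE:
        return "affected"  # apply the workaround: disable or uninstall Flash
    return "newer_check_advisory"  # newer build: confirm against Adobe's advisory [3]

def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Group hosts by triage status, preserving inventory order."""
    result: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row.get("flash_version") or "")
        result.setdefault(status, []).append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` are deliberately kept out of the clean bucket so that truncated or malformed inventory data still gets reviewed.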

Johannes

3323 Posts
ISC Handler
Here is one I see. Testing is prudent

https://www.flashpoint-intel.com/blog/targeted-attacks-south-korean-entities/
Anonymous
