Adobe Patches Flash Zero-Day Used in South Korean Attacks
Adobe issued its planned security update today for a previously unknown vulnerability in Flash Player that was exploited in targeted attacks against South Korean individuals. The software firm last week promised to patch the critical use-after-free bug, which was discovered and reported by South Korea’s Computer Emergency Response Team.
The attacks, believed to be the handiwork of a state-sponsored campaign by North Korea, inserted malicious Flash content inside Microsoft Office documents emailed to the victims. The vulnerability (CVE-2018-4878) allows remote code execution.
Adobe in its Flash update also patched a second critical use-after-free flaw in Flash, CVE-2018-4877, which also allows an attacker to remotely execute code on the victim’s machine.
For details on the security update, see Adobe’s advisory here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio