UPDATED 21:09 EST / FEBRUARY 04 2018


New Adobe Flash critical vulnerability is being exploited in the wild

A newly discovered critical vulnerability in Adobe Systems Inc.’s Flash player is being actively exploited, possibly by North Korean hackers.

The vulnerability (CVE-2018-4878) exists in recent versions of Flash up to 28.0.0.137 and allows remote code execution, letting an attacker take control of the affected system.

The attack vector involves a phishing campaign that uses an Excel spreadsheet with an embedded Flash SWF file. Once a victim clicks on the file, the Flash file installs ROKRAT, a remote-access hacking tool discovered in April 2017 that gives the attackers control of the victim’s personal computer.
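Because the lure is an Office document carrying a Flash object, one triage heuristic is to look for SWF file headers inside spreadsheets arriving by mail. The Python below is an added example, not code from Talos, Adobe or this article; the function names and size thresholds are assumptions, and the sample inputs are constructed.

```python
import io
import struct
import zipfile

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA
MAX_VERSION = 50           # assumption: sanity bound to limit false positives
MAX_DECLARED = 100 << 20   # assumption: ignore declared lengths over 100 MiB
MAX_MEMBER = 50 << 20      # assumption: skip oversized zip members (zip bombs)


def find_swf_headers(data):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if pos + 8 <= len(data):
                # SWF header: 3-byte signature, 1-byte version, 4-byte LE length.
                version, length = struct.unpack_from("<BI", data, pos + 3)
                if 1 <= version <= MAX_VERSION and 8 <= length <= MAX_DECLARED:
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def scan_document(blob):
    """Map part name -> SWF hits; OOXML (zip) parts are decompressed first."""
    findings = {}
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            parts = [(i.filename, zf.read(i)) for i in zf.infolist()
                     if i.file_size <= MAX_MEMBER]
    else:
        parts = [("<raw>", blob)]  # legacy OLE2 .xls or any other container
    for name, data in parts:
        hits = find_swf_headers(data)
        if hits:
            findings[name] = hits
    return findings


def constructed_samples():
    """Constructed inputs (zip-based and raw), not real documents or malware."""
    swf = b"CWS" + bytes([32]) + struct.pack("<I", 4096) + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/activeX/activeX1.bin", b"\x00" * 40 + swf)
    return buf.getvalue(), b"\xd0\xcf\x11\xe0" + b"\x00" * 60 + swf
```

A hit means the document carries something that looks like Flash content, which is reason enough to quarantine a spreadsheet; it does not by itself identify CVE-2018-4878.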

Although the first ROKRAT attack last year used a slightly different attack vector, the targets in both cases are exclusively in South Korea, and the attacks have been attributed to a hacking group called Group 123.

“Group 123 have now joined some of the criminal elite with this latest payload of ROKRAT,” Talos researchers wrote in a blog post. “They have used an Adobe Flash 0day which was outside of their previous capabilities—they did use exploits in previous campaigns but never a net new exploit as they have done now. This change represents a major shift in Group 123’s maturity level, we can now confidentially assess Group 123 has a highly skilled, highly motivated and highly sophisticated group.”

Although North Korea was not directly blamed for the attacks, Ars Technica noted that the hackers speak perfect Korean and at least one South Korean security researcher is claiming that the Flash exploit was “made by North Korea.”

North Korea has been behind many hacking campaigns, motivated both by efforts to steal sensitive data and by profit from the theft of cryptocurrencies. In December, the U.S. government said that the hermit kingdom was behind the infamous WannaCry ransomware attacks earlier in the year, and a report in September noted that the country was hacking bitcoin exchanges.

There’s no patch available yet for the vulnerability, though Adobe promises to release one this week. Multiple sources advise Flash users that the best way to protect themselves from this exploit and ongoing Flash exploits is to uninstall Flash and stop using it altogether.

Image: LunarEclipse/Sketchport
