Cyber criminals can take complete control of a user’s system by utilizing a zero-day vulnerability in Adobe Flash Player. This seems to presently be an issue only in the Korean peninsula, but may spread to other places soon.
The vulnerability was discovered on Wednesday when South Korea’s CERT, a security teams and incident report forum, issued a warning that a cyber attack code was circulating in the system’s environment which exploited the zero day flaw.
These office documents are leveraged by these attacks through embedded malicious Flash content which is distributed via email. The malicious flash object residing inside the file is triggered and then installs a remote administration tool ROKRAT.
Researchers from Cisco System’s Talos group has made this issue public.
Here are the affected products:
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (18.104.22.168 and earlier versions)
- Adobe Flash Player Desktop Runtime (22.214.171.124 and earlier versions)
- Adobe Flash Player for Google Chrome (126.96.36.199 and earlier versions)
In spite of the first ROKRAT attack previous year, using a slightly distinct attack vector, the targets in both of the cases are exclusively in South Korea, while the attacks are being claimed to have originated from a hacking group known as ‘Group 123’.
The latest exploit suggests that the group has matured into a much more sophisticated and skilled entity.
As always, North Korea is being suspected to have been using it to compromise computer systems in their neighbouring country.
The researcher have limited themselves from giving further details. On the other than, Adobe plans to solve the problem in a few days.
It is aware of the existence of an exploit for CVE-2018-4878 and also alert to its present utilization in limited, targeted attacks against Windows users.
Similarly, the Smoke Loader malware is also another example of hackers using the hype of a big vulnerability to target victims.