Desperately needed fix for Flash Player bug exploitation released by Adobe

News by Bradley Barth

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

Also in:

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123, which reportedly is infecting targets with the ROKRAT remote administrative tool.

Both bugs are classified as use-after-free vulnerabilities that can result in remote code execution on devices operating on the Windows, Mac, Linux or Chrome operating system.

It was Kr-CERT/CC, South Korea's national computer emergency response team, that found CVE-2018-4878, the zero-day bug reportedly leveraged by hackers. Discovery of the other flaw, CVE-2018-4877, is credited to "bo13oy" of Qihoo 360's Vulcan Team, working with Trend Micro's Zero Day Initiative.

Topics:
Security

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events