A new critical Adobe Flash Player zero-day vulnerability has been reported in the wild. The vulnerability, identified as CVE-2018-4878, is believed to be under active exploitation against South Koreans. According to the South Korean Computer Emergency Response Team, which discovered the zero-day, it is believed to take the form of a Flash SWF file embedded in MS Word documents. An attacker only needs to convince a user to open a Microsoft Office document, web page, or spam mail containing the Flash file to take complete control of the underlying system.
Adobe has released an advisory (APSA18-01) acknowledging the existence of this critical vulnerability. According to Adobe:
"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5."
Affected versions of Adobe Flash Player:
Until Adobe releases a security patch for the vulnerability, the following temporary recommendations can be employed:
- Implement Protected View for Office. Protected View opens a file marked as potentially unsafe in read-only mode.
- Change Flash Player’s behavior so that it prompts the user before playing SWF content.
- Remove Adobe Flash Player if not required.
- Do not open unknown email attachments, links, Office documents, etc.
- Do not download anything from unknown sources or sites.
- Always use the latest updates of antivirus programs and enable real-time monitoring.
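Because the attacks rely on Flash content embedded in Office documents, attachments can also be triaged for embedded Flash before anyone opens them. The following is an added example, not code from Adobe or from this article: the function names and indicator labels are hypothetical, the CLSID is the well-known identifier of the Shockwave Flash ActiveX control (it does not appear in the advisory text above), and the sample document is constructed and contains no Flash content.

```python
import io
import re
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control (assumption: well-known value, not from the page)
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
CLSID_TEXT = str(FLASH_CLSID).encode()   # lowercase text form, as referenced in activeX*.xml parts
CLSID_BIN = FLASH_CLSID.bytes_le         # on-disk GUID layout inside OLE/ActiveX binaries
# SWF header: FWS/CWS/ZWS signature, version byte, 32-bit little-endian file length
SWF_HEADER = re.compile(rb"[FCZ]WS[\x01-\x32](.{4})", re.DOTALL)
MAX_PART = 50 * 1024 * 1024              # do not inflate oversized zip members

def scan_blob(data):
    """Return the sorted Flash indicators present in one byte string."""
    hits = set()
    if CLSID_TEXT in data.lower():
        hits.add("flash-clsid-text")
    if CLSID_BIN in data:
        hits.add("flash-clsid-binary")
    # only count a signature whose declared length is plausible for a real SWF
    if any(8 <= int.from_bytes(m.group(1), "little") <= MAX_PART
           for m in SWF_HEADER.finditer(data)):
        hits.add("swf-header")
    return sorted(hits)

def scan_document(data):
    """Scan an Office file given as bytes; returns {part name: indicators}."""
    if zipfile.is_zipfile(io.BytesIO(data)):          # OOXML (.docx/.xlsx/.pptx)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {i.filename: zf.read(i) for i in zf.infolist() if i.file_size <= MAX_PART}
    else:                                             # legacy OLE2 (.doc) or anything else
        parts = {"<raw file>": data}
    return {name: hits for name, blob in parts.items() if (hits := scan_blob(blob))}

def build_sample(with_flash):
    """Constructed sample: a minimal OOXML-like zip, optionally with a Flash ActiveX part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>')
            # placeholder bytes: binary CLSID plus an SWF header only, no Flash content
            zf.writestr("word/activeX/activeX1.bin",
                        CLSID_BIN + b"CWS\x20" + (64).to_bytes(4, "little"))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_document(build_sample(True)))
```

A hit is a triage signal for quarantine or manual review, not a verdict. Legacy OLE2 files store streams in non-contiguous sectors, so the raw scan of a `.doc` can miss an indicator that straddles a sector boundary.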