A new critical Adobe Flash Player zero-day vulnerability has been reported in the wild. The vulnerability identified as CVE-2018-4878 is currently believed to be actively being exploited against South Koreans. According to the South Korean Computer Emergency Response Team which discovered the zero-day, the zero-day is believed to be a Flash SWF file embedded in MS Word documents. An attacker just needs to convince a user to open a Microsoft Office document, web page, or a spam mail containing the Flash file and can take complete control of the underlying system.
Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5.
Affected versions of Adobe Flash Player:
- Flash Player versions 126.96.36.199 and earlier for Windows, Macintosh, and Linux.
- Flash Player version 188.8.131.52 and earlier for Adobe Flash Player for Google Chrome.
- Flash Player version 184.108.40.206 and earlier for Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.1.
Until Adobe releases a security patch for the vulnerability following temporary recommendations can be employed,
- Implement Protected View for Office. Protected View opens a file marked as potentially unsafe in read-only mode.
- Change Flash Player’s behavior prompting the user before playing SWF content.
- Remove Adobe Flash Player if not required.
- Do not open an unknown email attachment, links, office documents etc.
- Do not download anything from unknown sources or sites.
- Always use latest updates of antivirus programs, and enable real-time monitoring.