Adobe Flash has long been the bane of security experts and IT admins worldwide. What started out as a multimedia platform for making rich applications has, over the years, turned into a security nightmare.
The vulnerabilities in Flash have been so numerous that most of today’s browsers block Flash content by default. In fact, Google Chrome allows Flash to run with user consent, but only in a secure sandbox. Granted, Adobe has, over time, managed to make Flash more secure, and the instances of attacks via Flash have declined. That said, it’s just as likely that industry disdain for Flash has forced hackers to look for greener pastures.
It’s now been reported that a new zero-day vulnerability in Flash has been discovered and is apparently being exploited by hackers to infect computers in South Korea. As Ars Technica notes in its report on the matter, researchers haven’t said outright that North Korea is behind the attacks, but it is very likely.
The vulnerability is being exploited by a hacker group that has been dubbed Group 123. The malware spreads via an infected Excel file and, according to Talos, a security group under Cisco Systems, Group 123 is using social engineering attacks to spread it. Talos states that the group is very comfortable with the Korean language and is familiar with the Korean peninsula. The attack can let a hacker take control of an infected system.
Group 123 has not been known to use zero-day vulnerabilities, and previously targeted older, unpatched vulnerabilities.
Adobe has published a security advisory on the matter and indicated that Adobe Flash Player version 18.104.22.168 and earlier are vulnerable. Adobe has stated that the issue will be addressed in a new release planned for the week of 5 February.
Updated Date: Feb 03, 2018 14:05 PM