Critical flaw is one of two critical use-after-free vulnerabilities in Flash fixed today by the software firm.
Adobe issued its planned security update today for a previously unknown vulnerability in Flash Player that was exploited in targeted attacks against South Korean individuals. The software firm last week promised to patch the critical use-after-free bug, which was discovered and reported by South Korea's Computer Emergency Response Team.
The attacks, believed to be the handiwork of a state-sponsored campaign by North Korea, inserted malicious Flash content inside Microsoft Office documents emailed to the victims. The vulnerability (CVE-2018-4878) allows remote code execution.
Adobe in its Flash update also patched a second critical use-after-free flaw in Flash, CVE-2018-4877, which also allows an attacker to remotely execute code on the victim's machine.
For details on the security update, see Adobe's advisory here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024