Critical flaw is one of two critical use-after-free vulnerabilities in Flash fixed today by the software firm.

Dark Reading Staff, Dark Reading

February 7, 2018


Adobe issued its planned security update today for a previously unknown vulnerability in Flash Player that was exploited in targeted attacks against South Korean individuals. The software firm last week promised to patch the critical use-after-free bug, which was discovered and reported by South Korea's Computer Emergency Response Team.

The attacks, believed to be the handiwork of a state-sponsored campaign by North Korea, inserted malicious Flash content inside Microsoft Office documents emailed to the victims. The vulnerability (CVE-2018-4878) allows remote code execution.

Adobe's update also patched a second critical use-after-free flaw in Flash, CVE-2018-4877, which likewise allows an attacker to remotely execute code on the victim's machine.

For details on the security update, see Adobe's advisory here.

 
