Adobe Flash 0-Day Attack

From SANS Internet Storm Center:

https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/

Korean CERT announced that it is aware of a so far unpatched Adobe Flash vulnerability that is being exploited in targeted attacks.

All versions of Adobe Flash Player including 28.0.0.137 are vulnerable. 28.0.0.137 was released in January as part of Adobe’s normal patch Tuesday.

According to KrCERT’s advisory, the exploit can be included in a Microsoft Office document or a web page. As a workaround, KrCERT recommends disabling or uninstalling the Flash Player. Firefox appears to be not vulnerable to the web-based¬†exploit.

Adobe’s response:

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

My advice is to remove Flash from any critical system. It’s too risky and continues to prove itself to be a security nightmare.