Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Adobe Patches Flash Zero-Day Used in South Korean Attacks
Critical flaw is one of two critical use-after-free vulnerabilities in Flash fixed today by the software firm.
1 Min Read
Adobe issued its planned security update today for a previously unknown vulnerability in Flash Player that was exploited in targeted attacks against South Korean individuals. The software firm last week promised to patch the critical use-after-free bug, which was discovered and reported by South Korea's Computer Emergency Response Team.
The attacks, believed to be the handiwork of a state-sponsored campaign by North Korea, inserted malicious Flash content inside Microsoft Office documents emailed to the victims. The vulnerability (CVE-2018-4878) allows remote code execution.
Adobe in its Flash update also patched a second critical use-after-free flaw in Flash, CVE-2018-4877, which also allows an attacker to remotely execute code on the victim's machine.
For details on the security update, see Adobe's advisory here.
About the Author
You May Also Like
More Insights
