The South Korean Computer Emergency Response Team (KR-CERT) issued a security alert warning about zero-day vulnerability in the latest version of Adobe Flash Player 28.0.0.137.
According to the South Korean security firm Hauri Inc., the exploitation was detected in mid-November 2017. The attackers used Microsoft Excel files with embedded .swf document, which contained a malicious payload.
Screenshot of the malicious document looks as follows:
Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018
As for now there are no official comments on the issue from Adobe. We will keep an eye on this vulnerability and update our advisories accordingly:
https://www.cybersecurity-help.cz/vdb/SB2018020120
https://www.zero-day.cz/database/484/
This is a second zero-day vulnerability in 2018. The first one (CVE-2018-0802) was revealed by Microsoft in January.