Adobe patches Flash 0-day (CVE-2018-4878)

Adobe has released security updates that fix critical vulnerabilities, to include one zero-day bug, in its Flash Player for Windows, Macintosh, Linux and Chrome OS.

The update addresses a code execution vulnerability (CVE-2018-4878) that has been exploited in the wild and used in limited, targeted attacks against Windows users.

A second critical RCE bug (CVE-2018-4877) was also addressed in the security advisory (APSB18-03).

The update comes after South Korea’s Computer Emergency Response Team found malicious code hidden in MS documents that exploited the Flash bug in order to infect with malware, as The Register reported last week.

The report further said that North Korean hackers were behind the attacks targeting South Koreans doing research on North Korea. 

The attacks leverage Office documents with embedded malicious Flash content distributed via email. Flash Player 28.0.0.137 and earlier versions are affected. Adobe recommends users upgrade to latest version as soon as possible.