Nork hackers exploit Flash bug to pwn South Koreans. And Adobe will deal with it next week

Maybe it's a good time to just delete the thing

By Iain Thomson in San Francisco

Posted in Security, 1st February 2018 21:51 GMT

Adobe will next week emit patches to squash a security bug in Flash that can be exploited by malicious webpages and documents, when opened, to hijack and spy on vulnerable computers.

The flaw is being abused right now by North Korean hackers to infect victims' PCs. You should update your browser or Flash installation – if you're still using Flash – as soon as the fix lands so other miscreants can't exploit the vulnerability and potentially commandeer your machine.

The programming cockup (CVE-2018-4878) came to light after South Korea's Computer Emergency Response Team found malicious code hiding in Microsoft Office documents, web pages, and spam emails, that exploits the Flash bug to infect Windows PCs with malware.

According to Simon Choi, director of the security research center at Korean infosec biz Hauri, the security hole is being abused by North Korea to spy on those in the South investigating the hermit nation's dictatorship. Victims are tricked into opening dodgy Microsoft Office spreadsheets that hack the PC via the Flash hole.

Adobe today said it is working on a patch that should be released "during the week of" February 5.

All versions of Flash are vulnerable to the aforementioned issue. The Photoshop maker said that – so far – only Windows machines have been attacked, although Windows, Macintosh, Linux, and Chrome OS systems are potentially vulnerable.

Now's a good time to ensure Flash is set to only play when specifically told to – so-called "click to run" – so that malicious Flash files invisibly embedded in documents and webpages can't silently kick off without you knowing. There are other mitigations listed here.

The other alternative is just to delete Flash from your system. Web browsers are shunning this internet dumpster fire. Even Adobe's had enough of the wretched thing, vowing to kill it by 2020. ®
