0-Day Adobe Flash Vulnerability Exploited In The Wild on Chrome and Browsers

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary:
A recent story from darknet.org.uk opens up another 0-day Flash vulnerability was exploited in the field, a previously unknown vulnerability that was marked as CVE-2018-4878, affecting versions 28.0.0.137 and earlier for Windows and Mac (desktop runtime), and Basically all in Chrome (Windows, Mac, Linux and Chrome OS).
The heavy use of this approach, which appears to have used the Korean goal by North Korean hackers, apparently has been in use since November 2017.
This is a rather complex attack chain, so I was surprised it was a very reliable hole because it targeted Flash content embedded in Microsoft Office documents.
Most current browsers of this generation do not have Flash support at all, or make “Ask First” when Flash content tries to display. This, I suspect, is why attackers choose to embed Flash into Microsoft Office documents because it is so commonplace to software, not to frequently update or patch individuals or organizations.
This is not the first Flash zero day, it will not be the last, we have already reported the last time, I think as more and more sites are phasing out Flash and ported to local HTML5, the impact should be getting smaller .
Read more…
APSA18-01 Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Read the rest of now! Only available at Darknet…. Engaging post, Read More…
thumbnail courtesy of darknet.org.uk
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post 0-Day Adobe Flash Vulnerability Exploited In The Wild on Chrome and Browsers appeared first on Safe Harbor on Cyber.