Zero-day vulnerability in Adobe Flash Player

Use-after-free
CVE-2018-4878

KR-CERT reported in the wild exploitation of zero-day vulnerability in the latest version of Adobe Flash Player. According to the South Korean Computer Emergency Response Team (KR-CERT), the exploit has being used in the wild since mid-November 2017.

Security experts for FireEye linked the vulnerability to the hacking group TEMP.Reaper. The IP-addresses from which attacks were connected with the C&C-servers belong to the Internet provider Star JV - a joint venture of North Korea and Thailand.

Cisco Talos observed use of vulnerability in attacks conducted by Group 123.

According to FireEye, after successful exploitation of the vulnerability the system is infected with DOGCALL malware.

Cisco Talos specialists also reported cyberattacks using the malicious software, which they called Rokrat.

Known malware:

DOGCALL
Rokrat

Vulnerability details

Advisory: SB2018020120 - Remote code execution in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2018-4878

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can execute arbitrary code on the target system.

Note: this vulnerability is being actively exploited in the wild against the latest version of Adobe Flash Player.

UPDATE: The vendor has issued the fixed version on February 6, 2018.

Latest references in media:

- North Korean Reaper APT uses zero-day vulnerabilities to spy on governments | ZDNet [2018-02-21 12:50:04]

- Microsoft Patch Tuesday, February 2018 [2018-02-13 01:00:00]

- Flash Zero Day (CVE-2018-4878) [2018-02-13 01:00:00]

- North Korean APT Group tracked as APT37 broadens its horizons [2018-02-21 07:40:16]

- North Korean Threat Widens to Target Multinationals [2018-02-20 23:41:06]

- APT37 (Reaper): The Overlooked North Korean Actor [2018-02-20 14:40:01]

- Microsoft, Adobe February 2018 security updates: An overview [2018-02-14 12:41:16]

- February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities [2018-02-14 11:32:02]

- Cybersecurity week Round-Up (2018, Week 6) [2018-02-12 16:22:47]

- Security Affairs newsletter Round 149 тАУ News of the week [2018-02-11 15:50:06]

- A Flaw in Hotspot Shield VPN From AnchorFree Can Expose Users Locations [2018-02-09 16:11:33]

- Researchers spotted a new Adobe Flash Player zero-day exploit in the wild that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea. [2018-02-08 12:30:02]

- North Korean APT Group Employed Rare Zero-Day Attack [2018-02-08 00:20:03]

- Adobe patches Flash zero-day being 'exploited by North Korean hackers' | TheINQUIRER [2018-02-07 17:50:10]

- Windows security: Microsoft issues Adobe patch to tackle Flash zero-day | ZDNet [2018-02-07 15:32:13]

- Adobe Issues Emergency Fix to Foil North Korean Hackers [2018-02-07 11:00:03]

- Adobe rolled out an emergency patch that fixed CVE-2018-4878 flaw exploited by North Korea [2018-02-07 09:00:06]

- Adobe: Two critical Flash security bugs fixed for the price of one [2018-02-06 21:30:02]

- Adobe Patches Flash Zero-Day Used in South Korean Attacks [2018-02-06 21:20:02]

- Adobe Patches Flash Zero-Day Exploited by North Korean Hackers [2018-02-06 18:11:37]

- Adobe Flash Zero-Day Spotted in the Wild [2018-02-05 22:21:08]

- Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild [2018-02-05 19:50:11]

- About the Flash zero-day currently exploited in the wild [2018-02-05 13:24:29]

- Flash Zero-Day Attacks Analyzed by FireEye, Cisco [2018-02-05 06:40:11]

- South Korea identifies Flash 0-day in the wild | ZDNet [2018-02-05 03:50:09]

- Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) тАУ Threat Attribution, Attack Scenario and Recommendations [2018-02-03 03:30:02]

- Adobe warns of Flash zero-day, patch to come next week [2018-02-02 18:30:52]

- Attackers Exploiting Unpatched Flaw in Flash [2018-02-02 15:50:53]

- Adobe acknowledges Flash zero-day that's been exploited since November | TheINQUIRER [2018-02-02 12:11:31]

- Researchers spotted a new Adobe Flash Player zero-day exploit in the wild that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea. [2018-02-02 07:20:03]

- Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks [2018-02-02 00:00:03]

- South Korea Warns of Flash Zero-Day flaw exploited by North Korea in surgical attacks [2018-02-01 23:32:34]

- Adobe Flash Player Zero-Day Spotted in the Wild [2018-02-01 21:50:41]

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.