Adobe has warned that a new zero-day vulnerability is currently being exploited in the wild, with a patch not yet available to address the issue.
The vulnerability is apparently being used by North Korean operatives against South Korean researchers in “limited, targeted attacks against Windows users”, but we assume it will not be long before it spreads more widely.
The malware can be delivered by web pages, but also by email or in Office documents.
Simon Choi, director of the Next Generation Security Research Center at Seoul-based computer software company Hauri, Inc. – also affiliated with South Korea’s Cyber Warfare Intelligence Center (CWIC) suggests worried users remove the Flash player, keeps their antivirus up to date and avoid suspicious emails. The vulnerability affects Edge and Chrome, and using Firefox also offers some protection.
The following products are affected: versions 22.214.171.124 and earlier of Adobe Flash Player Desktop Runtime (Windows and Mac), Adobe Flash Player for Google Chrome (Windows, Macintosh, Linux and Chrome OS), Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Windows 10 and 8.1), and Adobe Flash Player Desktop Runtime (Linux).
Adobe is working on a patch to roll out shortly.
Read the advisory at Adobe here.