Stop me if you think you have heard this one before but hackers are using a newly discovered flaw in Adobe Flash Player to infect computers.
The new flaw is a zero day, which means all versions of the software is affected including on Windows, Mac OS, Linux and Chrome OS.
The vulnerability was discovered by the South Korean Computer Emergency Response Team (KR-CERT). It is suspected that North Korean hackers have been using it to compromise computers in South Korea.
If successful, hackers can use the vulnerability to gain full control of a computer, researchers warned.
In its security advisory, KR CERT said that hackers were able to use the vulnerability to gain control of a computer by hiding Flash content in Office documents such as Excel files, which are then downloaded by the unsuspecting user.
“An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code,” KR-CERT said.
Adobe confirmed the presence of the vulnerability and admitted that hackers are exploiting it to infect computers.
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” Adobe said in a statement.
“These attacks leverage Office documents with embedded malicious Flash content distributed via email.”
Adobe said that a patch should be released by February 5.
The security problems surround Adobe Flash Player are well reported but the software just refuses to go away.
Such has been the problems with the much maligned software that most of today’s browsers now block Flash by default.
The advice to users to install the security patch as soon as it is released by Adobe. Better still, avoid using Flash altogether. This isn’t the first time the software has been compromised and it almost certainly won’t be the last.