The IT Nerd

I’ve been saying for a very long time that if you want your computer to be secure, you need to dump Adobe Flash. On top of the security factor, you have no practical need for it as the world has moved on to standards like HTML5. But here’s a new reason not to run Adobe Flash. South Korean authorities have found a dangerous new Zero Day exploit that leverages Adobe Flash:

According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

“An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code,” KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents.

What makes it worse is that the North Koreans are apparently behind this and it’s been around since November and it’s actively being exploited. This has Adobe scrambling to fix this and a fix is coming out on Monday. Which is pretty craptastic on Adobe’s part seeing as this has been around since November and is actively being exploited. So if you still run Adobe Flash for whatever reason, make sure that you update it on Monday. Or better yet, uninstall it and make yourself more secure than you are now.

This entry was posted on February 2, 2018 at 8:16 am and is filed under Commentary with tags Adobe. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.