Adobe finally responds to claims of North Korean hackers exploiting Flash zero-day for TWO MONTHS

The best fix for Adobe Flash security flaws is to uninstall it

Hackers linked to North Korea have been taking advantage of an Adobe Flash zero-day flaw since November - but the software company has only just got round to issuing a warning about it.

Cyber security researchers and South Korean authorities have long warned that cyber attackers based in the North have been tapping into a new Adobe Flash zero-day flaw.

They believe that hackers associated with the authoritarian government in Pyongyang are using the zero-day vulnerability to launch attacks on South Korean researchers working on projects about North Korea.

After the serious flaw was uncovered, the South Korean Computer Emergency Response Team (KR-CERT) warned citizens that an "attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file".

Attackers have been embedding a dodgy Flash SWF file into seemingly innocent-looking Word and Excel documents in order to infect victims' computers. But the researchers have slammed Adobe for not doing enough to tackle the flaw.

Adobe has offered little insight into the flaw during this time, but experts at KR-CERT have issued recommendations while Adobe works on a patch. They include removing Flash Player completely and using the Firefox web browser.

Simon Choi, a security researcher based in South Korea, has spent much of his time exploring the flaw. He believes that North Korean hackers first started using the flaw in November 2017.

"Flash zero-day vulnerability made by North Korea has been used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea," he wrote on Twitter yesterday.

Adobe has finally got round to issuing an advisory on the flaw (CVE-2018-4878), which is rated as critical. The company promised to release a patch on 5 February.

"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users," it explained.

"These attacks leverage Office documents with embedded malicious Flash content distributed via email."
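For defenders triaging mail attachments, the delivery method described above (a Flash SWF file embedded in a Word or Excel document) can be checked for directly. The following is an added example, not code from Adobe, KR-CERT or the researchers quoted: it scans an Office file for plausible SWF headers. The function names, size bounds and the sample document are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")   # uncompressed, zlib, LZMA SWF signatures
MAX_VERSION = 50                         # assumption: sanity bound on the version byte
MAX_LENGTH = 100 * 1024 * 1024           # assumption: reject absurd declared sizes
MAX_MEMBER = 50 * 1024 * 1024            # assumption: skip oversized zip members

def find_swf_headers(data):
    """Return sorted (offset, magic, version, declared_length) for plausible SWF headers."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # The 3-byte magic alone is noisy; require a sane version and length.
                if 1 <= version <= MAX_VERSION and 8 < length <= MAX_LENGTH:
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def scan_office_document(raw):
    """Map part name -> SWF hits for an OOXML (zip) file, or '<raw>' for other formats."""
    findings = {}
    stream = io.BytesIO(raw)
    if zipfile.is_zipfile(stream):
        with zipfile.ZipFile(stream) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    continue
                hits = find_swf_headers(zf.read(info))
                if hits:
                    findings[info.filename] = hits
    else:
        hits = find_swf_headers(raw)
        if hits:
            findings["<raw>"] = hits
    return findings

def build_sample_docx():
    """Constructed sample: a minimal zip shaped like a .docx with a fake SWF header."""
    fake_swf = b"\x00" * 16 + b"FWS" + bytes([28]) + struct.pack("<I", 4096) + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", b"<w:document>FWS is a file format</w:document>")
        zf.writestr("word/activeX/activeX1.bin", fake_swf)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_office_document(build_sample_docx()))
```

A hit is a triage signal rather than a verdict: it says the document carries Flash content, which on a machine that still has Flash Player installed is reason enough to quarantine it for analysis.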