Adobe updated Flash Player on Tuesday to address a zero-day vulnerability exploited by what experts believe to be a North Korean hacker group in attacks aimed at individuals in South Korea.
The existence of the vulnerability, tracked as CVE-2018-4878, came to light on January 31 when South Korea’s Internet & Security Agency (KISA) issued an alert. Cybersecurity experts based in the country said the flaw had been used by North Korean threat actors against South Koreans who focus on North Korea research.
Adobe has promised to release a patch sometime this week and it has kept its promise. Flash Player version 18.104.22.168 should fix the vulnerability, which the company has described as a use-after-free bug that allows remote code execution.