Top

North Korea’s Flash Player Flaw Now Exploited by Cybercriminals

February 27, 2018

Endpoint security firm Morphisec has spotted a massive campaign that exploits a recently patched Adobe Flash Player vulnerability to deliver malware.

The flaw in question, CVE-2018-4878, is a use-after-free bug that Adobe patched on February 6, following reports that North Korean hackers had been exploiting the vulnerability in attacks aimed at South Korea. The threat group, tracked as APT37, Reaper, Group123 and ScarCruft, has been expanding the scope and sophistication of its campaigns.

After Adobe patched the security hole, which allows remote code execution, other malicious actors started looking into ways to exploit CVE-2018-4878.

Read More on Security Week