Last week, CERT of South Korea recognized a exploit in Adobe Flash 28.0.0.137 (and in all previous versions of course) that could allow remote code execution on Windows, macOS, Linux, and Chrome OS.
Adobe soon after announced in a security bulletin that it would patch the vulnerability in a release scheduled for release this week. ...on time, just how exploit released…
Cisco's Talos researchers have stated that the payload that existed in an Excel was ROKRAT and refers to Group 123.
"Group 123 has joined some hacking elites in this latest ROKRAT payload.
They have used a Zero Day of Adobe Flash that was except of the former capabilities them – they've used exploits in previous campaigns but never had a brand new exploit like they've done now,” Talos researchers Warren Mercer and Paul Rascagneres report.
"Although in Talos we have no information about victims, we suspect that the victim was a very specific and high-value target. The use of a brand new exploit, which did not exist, shows that they were very determined to succeed in the attack. "
FireEye, on the other hand, said the malware file should come from North Korea, known as TEMP.Reaper.
While Adobe suggests that administrators could use Protected View for Office to protect themselves, FireEye pointed out that we're likely to see more attacks until the vulnerability is patched.
Last July, Adobe said it would stop supporting Flash in 2020, with Microsoft claiming it would remove full Flash support from Windows that same year.
- Binary Option Trading: Scam or minimize risks?
- Intel: Finally in BIOS from 2020. An improved UEFI comes in