How to Mitigate Adobe Flash Player Zero-Day Vulnerability APSA18-01

The South Korean Computer Emergency Response Team (KR-CERT) issued a warning Wednesday about a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks target South Korean organizations and involves malicious Microsoft Word documents.

According to the KR-CERT, the zero day is believed to be a Flash SWF file embedded in Microsoft Word documents.

Who's impacted?

This zero day impacts Adobe’s most recent Flash Player (28.0.0.137) and earlier versions, meaning that all Flash versions are affected, including the latest releases for Linux, Mac and Windows.

Is there a patch?

Adobe plans to issue a patch the week of Feb 5.

How severe is this vulnerability?

The bad news is that Adobe confirmed that hackers are already exploiting this vulnerability. “Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” the company said in an advisory. “These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

How CAN I mitigate the risk?

• The best approach is to uninstall Adobe Flash from all machines in your organization.

• You should consider keeping Adobe Flash uninstalled even after Adobe releases a patch. Adobe products are notorious for having vulnerabilties, some of which probably haven't been discovered yet.

• Another option is to disable Flash across all machines in your environment. We prefer a complete removal over this option to avoid the chances of having Flash re-enabled by the user through social engineering attempts.

• Adobe recommended that administrators consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in read-only mode. However, we do not recommend this option since attackers can fool users into disabling protected view through social engineering.