[Update] An official patch has been released on February 8, 2018.
Lately, the Korean computer emergency readiness team (KR-CERT) warned about a 0-day vulnerability (CVE-2018-4878) in Adobe Flash Player. Security researchers also said that attacks exploiting this vulnerability can be traced back to mid November, 2017.
Till now, Adobe has not yet release an official patch for this vulnerability. However, 360 Total Security has intercepted this vulnerability to keep users protected.
360 has intercepted this Flash exploit
Throughout phishing attack, cybercriminals can lure users into opening Microsoft Office files, webpages, spam emails which contain malicious Flash code file to exploit the vulnerability and conduct attacks. Adobe has officially confirmed that hackers are taking advantage of this vulnerability to attack Windows users.
360 Security Team has reacted to this vulnerability right after it was discovered. The team analyzed some victim cases and found the hacks were well-planned. In these cases, instant messaging tools and emails were utilized as channels to deliver the trick excel file with malicious codes.
Since no official security patch has yet been released at this moment, 360 Security Team reminds users of being careful with links and files from untrustworthy resources.
360 will keep offering protection for Flash users
Flash runs out of browsers, not limited to operating systems and browsers. Consequently, attackers prefer to use Flash vulnerability as a weapon. Adobe has announced to stop updating and offering technical support for Flash in 2020 due to its weakness in security.
Although Flash has been “abandoned”, it does not mean users will stay unprotected. 360 has promised that our protection for Flash users will remain, until Flash is no longer used. So far, 360 has helped Adobe fix hundreds of security flaws.
This time, 360 also offer protection at once to ensure Flash users’ security. To stay safe, users only need to upgrade their 360 Total Security to the latest version, which can intercept this vulnerability.