Beware!! New Zero-day Vulnerability Found in Adobe Flash Player – Still No Patches Available

Adobe Flash Player now suffering from brand New Zero-day vulnerability with high severity rate and researchers believes that it cause a Severe impact on ActiveX Support browsers which leads to compromise the Windows PC.

Zero-day vulnerabilities are referred to attacks on vulnerabilities that have not been patched or made public.

This critical Zero-day vulnerability is presenting in current Adobe Flash Player ActiveX 28.0.0.137 and earlier versions.

In this case, this major Zero-day flaw mainly spreading via Microsoft office document or spam mail that contain a Malicious flash file.

South Koren Cyber Emergency Response Team(KR-CERT) Released Emergency notes that says, “This vulnerability only on user’s who all are using Internet Explorer (IE) be influenced chrome (chrome) until a patch is available using Firefox (FireFox) is recommended”

Security Researcher from Hauri, Inc.said, “Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea.”

Adobe users have to beware of this severe Zero-day Until Adobe releases the security patch for this Vulnerability.

Also Read: Security Bug Affected 300,000 Oracle Point of Sale Systems Puts the Critical Business Data at Risk

Temporary Mitigation for this Zero-day Vulnerability

  • Remove the flash player from computer Until Adobe releases a security patch for the vulnerability.
  • do not trust the website Scion visits and the source does not open an unknown email attachment viewing prohibited and links
  • keep the latest updates of antivirus programs, and enable real-time monitoring
  • Use Firefox  until a patch is available
Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

ThreatBook Recognized as a Notable Vendor in Global Network Analysis and Visibility (NAV) Report

ThreatBook, a global leader cyber threat and response solutions backed by threat intelligence and AI,…

35 minutes ago

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript…

13 hours ago

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to…

13 hours ago

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll…

13 hours ago

PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram

A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports),…

14 hours ago

71 Fake Websites Impersonating German Retailer to Steal Payment Information

Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains…

14 hours ago