Attackers Exploiting Unpatched Flaw in Flash
Krebs on Security
Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.
Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 22.214.171.124 and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.
The software company warns that an exploit for the flaw is being used in the wild, and that so far the attacks leverage Microsoft Office documents with embedded malicious Flash content. Adobe said it plans to address this vulnerability in a release planned for the week of February 5.