South Korea’s CERT has discovered a zero-day vulnerability in Adobe’s Flash player that could allow Remote Code Execution (RCE) on various platforms.
The exploit is carried out by embedding a Flash SWF file in a Microsoft Excel document, which in turn downloads a RAT (Remote Administration Tool) to procure documents.
The platforms which stand affected by the new zero-day bug include Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, Internet Explorer 11 across Windows, Macintosh, Linux, and Chrome OS.
Adobe has addressed the issue and has promised to roll out an update in the coming week.
