According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero day affects Flash Player installs 220.127.116.11 and earlier. Flash 18.104.22.168 is the current Flash version number.
"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code", KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents.
Hauri security researcher Simon Choi said the zero day exploit has been made and deployed by North Korean threat actors and used since mid-November 2017.
Choi says attackers are trying to infect South Koreans researching North Korea. Adobe said it plans to patch this zero day nuisance on Monday, February 5.