Kaspersky Lab has found a critical vulnerability in Adobe Flash Player. The exploit for it uses Microsoft Word documents to deploy malware.
The vulnerability was not found fast enough, however: a hacker group had already exploited it back on October 10.
How does this exploit work?
“Analysis reveals that, upon successful exploitation of the vulnerability, the FinSpy malware (also known as FinFisher) is installed on the target computer. FinSpy is a commercial malware, typically sold to nation states and law enforcement agencies to conduct surveillance. In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets. BlackOasis is a significant exception to this – using it for a wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible. The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more difficult.
After installation, the malware establishes a foothold on the attacked computer and connects to its command and control servers located in Switzerland, Bulgaria and the Netherlands, to await further instructions and exfiltrate data,” Kaspersky explained.
Luckily, Adobe worked fast and collaborated with Kaspersky Lab to deliver a patch as soon as possible. The patch has already been released, and it updates all Adobe Flash versions to 220.127.116.11. It is vital that you upgrade your Adobe Flash version right away, as the vulnerability is a real danger to your device.