New vulnerabilities have been discovered in Adobe Flash Player, and they appear to be more serious than we could have expected. The weaknesses were discovered only recently, but it appears that hackers have already exploited them.
Both Adobe Systems Inc and Kaspersky Lab warned that these issues need a patch immediately in order to remove the danger. Luckily for users, Adobe managed to come up with a solution as soon as possible.
Kaspersky Lab Inc discovered a previously unknown issue that hackers used on October 10 to plant malicious software on computers. Those computers then connected back to servers in Bulgaria, Switzerland and the Netherlands.
The group of hackers is named BlackOasis, and it targets Middle Eastern politicians and other officials who are present in those regions. “The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities. Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero-day exploits such as the one described here, will continue to grow,” said Anton Ivanov, lead malware analyst at Kaspersky Lab.
Flash security update
Adobe moved quickly and has already released an update that should fix this issue. Browsers such as Internet Explorer, Google Chrome and Microsoft Edge have been affected. The patch updates all versions of Adobe Flash to version 220.127.116.11. These are the versions that need to be updated right away:
“Adobe Flash Player Desktop Runtime, version 18.104.22.168 for Windows, Macintosh
Adobe Flash Player for Google Chrome, version 22.214.171.124 for Windows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer, version 1127.0.0.130 for Windows 10 and 8.1
Adobe Flash Player Desktop Runtime, version 126.96.36.199 for Linux”