Unknown critical vulnerability has been discovered in Adobe Flash Player
Adobe Flash Player is living its last days and it appears that the decision to end it is very justified. Many tech experts have complained about the weaknesses of Flash and finally Adobe declared that it will put it to an end in 2020. However, it appears that its last years won’t be very peaceful. Right now, a huge vulnerability has been discovered by Kaspersky Labs, and it appears that it has already been exploited by hacker groups.
Responsible for the attacks that exploited this vulnerability is the BlackOasis group. They target Middle Eastern politics, including opposition journalists and activists and officials of the United nations. The attacks already made victims in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.
The Adobe Flash Player vulnerability used Microsoft Word documents in order to plant FinSpy, a commercial product that is sold to law enforcement agencies or even governments.
Fixing this issue
Kaspersky Labs announced this issue right away and it worked to Adobe in order to come up with a solution. A security update has been already released and it should fix this Flash Player vulnerability on Windows, Macintosh, Linux and Chrome OS.
“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities. Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero-day exploits such as the one described here, will continue to grow,” declared Anton Ivanov, the one who reported the exploit to Adobe. Ivanov is lead malware analyst at Kaspersky Lab and it is not the first time when Adobe works with them in order to fix vulnerabilities.