Adobe Issues Emergency Flash Zero-Day Patch
By Jef Cozza / CRM Daily
A serious zero-day flaw in its Flash Player browser plugin had Adobe scrambling to issue a critical patch on Wednesday. The vulnerability, which affects both Mac and Windows operating systems, potentially allows an attacker to take over a system. Adobe said the bug has already been exploited by hackers in the wild.

The vulnerability was first discovered earlier this month by FireEye, a private computer security company. FireEye privately informed Adobe of the exploit. The company’s team in Singapore discovered the flaw thanks to a phishing campaign by the Chinese hacker group APT3, also known as UPS.

A Sophisticated Threat

APT3 had been targeting organizations involved in several critical industries, including aerospace and defense, construction and engineering, high tech, telecommunications, and transportation. FireEye had previously identified APT3 in April of last year, and described the group as one of the most sophisticated threats that it tracks.

The hacker group has a history of introducing zero-day exploits into browser plugins using vulnerabilities in software such as Internet Explorer, Firefox, and Flash. After successfully exploiting a target host, APT3 will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control infrastructure is difficult to track, as there is little overlap across campaigns.

The hacker group’s latest exploit affects Adobe’s Flash Player Desktop Runtime, Flash Player Extended Support Release, Flash Player for Linux, and Flash Player for Google Chrome, Internet Explorer 10 and 11. The company said users running those products should upgrade to the latest versions immediately.

Phishing Expedition

The victims were attacked by phishing e-mails that directed users to click on a URL that took them to a compromised server hosting JavaScript profiling scripts. Victims were then led to download a malicious Flash Player SWF file. Adobe described the attacks witnessed in the wild as “limited” and “targeted.” Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets for the campaign.

Nevertheless, Adobe assigned the update its highest priority rating, indicating that the company considered it a crucial security flaw that users should fix as soon as possible.

According to Adobe, users running the Flash Player browser plugin on Google Chrome or Internet Explorer on Windows 8.x systems will have their software automatically updated. Users running Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player, users of the Flash Player Extended Support Release should update to Adobe Flash Player, and users of Adobe Flash Player for Linux should update to Adobe Flash Player

The vulnerability is only the latest to befall the hapless plugin, which has been the victim of a number of exploits in the past. Last year, Kaspersky Labs found that the Syrian government had used another exploit in the software to attack what it considered to be political opponents. Although the Flash Player is widely used, security experts have recommended that users uninstall it due to its numerous security issues.

Tell Us What You Think


Posted: 2015-06-24 @ 2:54pm PT
Time to ditch Flash and use HTML5 instead. Steve Jobs was right.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.