A new finding made by Kaspersky Lab’s advanced exploit prevention systems reveal hackers are using a new security vulnerability in the Adobe Flash Player plugin to plant malicious programmers and files on your personal computer.
Adobe Flash vulnerability can plant malware on your PC
Identified as FinSpy or FinFisher (a commercial product mainly used by many law enforcement agencies to conduct surveillance), the malware exploits a vulnerability in Adobe Flash delivered through a Microsoft Office document. BlackOasis group is suspected to be the perpetrator of this crime and breach of the networks. However, the number of attacks are minimal, reports Kaspersky labs.
We first became aware of BlackOasis’ activities in May 2016, while investigating another Adobe Flash zero-day. On May 10, 2016, Adobe warned of a vulnerability (CVE-2016-4117) affecting Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. The vulnerability was actively being exploited in the wild. Leveraging data from Kaspersky Security Network, we identified this new vulnerability, mentioned Kaspersky.
As soon as the research team learned about this development it informed the vendor since the firm believes in working closely with vendors to protect users. All the details were disclosed thereafter, in an attempt to find a quick fix and avert any major crisis.
Acting promptly on the details shared, Adobe Systems Inc. warned the users that hackers are exploiting vulnerabilities in its Flash multimedia software platform in web browsers, and urged them to quickly patch their systems to prevent such attacks.
Adobe Systems had earlier notified users that it would put its vulnerable and buggy Adobe Flash Player plugin to rest completely in over two years from now, in 2020. However, it hasn’t disclosed any clear policy on safety measures and people still remain vulnerable to attacks and malware like FinSpy.