Adobe Issues Emergency Flash Zero-Day Patch

A serious zero-day flaw in its Flash Player browser plugin had Adobe scrambling to issue a critical patch on Wednesday. The vulnerability, which affects both Mac and Windows, could allow an attacker to take control of an affected system. Adobe said the bug was already being exploited in the wild.

The vulnerability was first discovered earlier this month by FireEye, a private computer security company, which reported it to Adobe privately. FireEye's team in Singapore found the flaw while investigating a phishing campaign run by the Chinese hacker group APT3, also known as UPS.

A Sophisticated Threat

APT3 had been targeting organizations involved in several critical industries, including aerospace and defense, construction and engineering, high tech, telecommunications, and transportation. FireEye had previously identified APT3 in April of last year, and described the group as one of the most sophisticated threats that it tracks.

The group has a history of deploying zero-day exploits against browsers and browser plugins, including Internet Explorer, Firefox, and Flash. After successfully exploiting a target host, APT3 quickly dumps credentials, moves laterally to additional hosts, and installs custom backdoors. Its command-and-control infrastructure is difficult to track, because there is little overlap between campaigns.

The group's latest exploit affects Adobe's Flash Player Desktop Runtime, Flash Player Extended Support Release, Flash Player for Linux, and the Flash Player builds bundled with Google Chrome and with Internet Explorer 10 and 11. Adobe said users running those products should upgrade to the latest versions immediately.

Phishing Expedition

Victims received phishing e-mails that directed them to click a URL leading to a compromised server hosting JavaScript profiling scripts. The scripts then led victims to download a malicious Flash Player SWF file. Adobe described the attacks seen in the wild as "limited" and "targeted."
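The profiling step in that chain exists so the server only serves its SWF to browsers whose Flash Player is old enough to be exploitable. As an added example (not code from the article, from Adobe, or from FireEye's analysis of APT3), the block below shows the core of such a check: read the version string a browser exposes for the plugin, normalise it, and compare it against the patched build for that release track. The same logic, run on an internal inventory page instead of an attacker's landing page, flags hosts that still need the update. The `PATCHED_BY_MAJOR` thresholds, the `SAMPLE_NAVIGATORS` objects, and all function names are assumptions made for this example; take the real fixed versions for each track from Adobe's bulletin.

```javascript
// Added example: browser-side Flash version profiling. Not code from the
// article, Adobe, or FireEye. Threshold values are ASSUMED placeholders for
// illustration; read the real fixed versions from the Adobe bulletin.
//
// Flash shipped on several release tracks at once, so a single numeric
// threshold misclassifies a fully patched Extended Support Release (major 13)
// as "older" than the desktop runtime (major 18). Keying on major version
// avoids that false positive.
const PATCHED_BY_MAJOR = {
  18: [18, 0, 0, 194],   // desktop runtime track (assumed)
  13: [13, 0, 0, 296],   // extended support release track (assumed)
  11: [11, 2, 202, 468], // Linux track (assumed)
};

// Parse the version formats browsers expose for the plugin:
//   plugin.version      -> "18.0.0.194"
//   plugin.description  -> "Shockwave Flash 18.0 r194"
//   ActiveX $version    -> "WIN 18,0,0,194"
// Returns [major, minor, build, revision] or null if nothing parseable.
function parseFlashVersion(s) {
  if (typeof s !== "string") return null;
  let m = s.match(/(\d+)[.,](\d+)[.,](\d+)[.,](\d+)/);
  if (m) return m.slice(1, 5).map(Number);
  m = s.match(/(\d+)\.(\d+)\s+r(\d+)/); // "18.0 r194" => [18, 0, 0, 194]
  if (m) return [Number(m[1]), Number(m[2]), 0, Number(m[3])];
  return null;
}

// Lexicographic compare of two 4-tuples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// "vulnerable" | "patched" | "unknown". A major version with no known
// threshold is reported as unknown rather than silently treated as safe.
function flashStatus(raw, table = PATCHED_BY_MAJOR) {
  const v = parseFlashVersion(raw);
  if (!v) return "unknown";
  const patched = table[v[0]];
  if (!patched) return "unknown";
  return compareVersions(v, patched) < 0 ? "vulnerable" : "patched";
}

// Profile a navigator-like object. A real script reads window.navigator;
// the objects in SAMPLE_NAVIGATORS below are constructed for this example.
function profileFlash(nav, table = PATCHED_BY_MAJOR) {
  const plugin = nav && nav.plugins && nav.plugins["Shockwave Flash"];
  if (!plugin) return { installed: false, version: null, status: "not installed" };
  const raw = plugin.version || plugin.description;
  return { installed: true, version: parseFlashVersion(raw), status: flashStatus(raw, table) };
}

// Constructed sample inputs standing in for what different browsers report.
const SAMPLE_NAVIGATORS = {
  oldChrome:  { plugins: { "Shockwave Flash": { description: "Shockwave Flash 18.0 r160", version: "18.0.0.160" } } },
  esrFirefox: { plugins: { "Shockwave Flash": { description: "Shockwave Flash 13.0 r296" } } },
  noFlash:    { plugins: {} },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, nav] of Object.entries(SAMPLE_NAVIGATORS)) {
    console.log(name, JSON.stringify(profileFlash(nav)));
  }
}
```

Run with `node` to see the three constructed browsers classified; the ESR sample is the case a naive single-threshold check gets wrong. Note that an exploit server only needs the "vulnerable" branch, which is why blocking or disabling the plugin, not just monitoring the landing page, removes the attacker's decision point.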
