Adobe Flash Player Targeted by Hackers Anew
Adobe Flash Player’s latest version was not immune to attackers aiming to exploit most any vulnerability.
The current version (21.0.0.242) of the flash player was exposed by a zero-day exploit discovered the first week of June by a group of security researchers.
The attack was linked to a group of hackers who go by the name “ScarCruft”, a relatively upstart group who get involved with “advanced persistent threat” campaigns that focus on companies and institutions that have access to high-value information.
Although ScarCruft is relatively new to the hacking game, they have already had victims from a number of countries which include Russia, South Korea, Nepal, China, Kuwait, India, and Romania.
Furthermore, ScarCruft is said to have several other current exploit operations which involve Microsoft Internet Explorer and Adobe Flash Player.
Adobe vulnerabilities do not occur that often and they have been diligent in releasing updates to their software.
ScarCruft is involved in two major jobs these days: Operation Daybreak which focuses on high-profile victims by exploiting Adobe Flash; and Operation Erebus which attacks an older exploit.
Another zero-day exploit is said to be launched by the group earlier this year. Fortunately, the security vulnerability had been patched months ago.
In a security advisory from June 14, Adobe confirmed that the critical vulnerability existed in their 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. They added that, “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
Also, Adobe stated they were aware of the exploit existing in the wild and that it was being used in limited, targeted attacks.
Two days later, Adobe released security updates for the flash players of all affected operating systems. Adobe vulnerabilities do not occur that often these days, and the company has been diligent in releasing updates to their software.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.
