Adobe Patches Flash Bug Used To Install Spyware

Share

Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.

Individuals and organizations using Adobe Flash-especially those operating in business and government environments-are advised to download the security patch immediately in order to protect against the potential exploit.

Originally discovered by Kaspersky's Anton Ivanov, the flaw, CVE-2017-11292, is a critical type confusion vulnerability that could lead to code execution on Windows, Mac, Linux and Chrome OS systems.

Researchers have warned computer users to patch a security flaw in Adobe's widely distributed Flash after hackers were discovered using the hole to carry out attacks on Windows systems.

Myanmar journalists fly home as Bangladesh drops charges
UNHCR spokesman Andrej Mahecic said many of them had chosen to remain in their homes in Rakhine despite repeated threats to leave or be killed.

The exploit is delivered to victims through a Microsoft Word document laced with a malicious installer that compromises the user's machine and plants the FinSpy malware. It can also eavesdrop on video chats, record calls, view and copy a user's files, and perform other surveillance tasks.

The researchers believe that the group behind the attack was also responsible for CVE-2017-8759, another Zero Day, reported in September - and they are confident that the threat actor involved is BlackOasis, which Kaspersky Lab's Global Research and Analysis Team began tracking in 2016.

Kaspersky said the malware, known as FinSpy or FinFisher, is a commercial product typically sold to nation states and law enforcement agencies to conduct surveillance.

This piece of malware is known as FinSpy or FinFisher and is actually a commercial product that is sold to countries and law enforcement agencies to conduct surveillance, and that in this particular instance a group called BlackOasis managed to plant that malware inside of Flash and has used it to target Middle Easter politicians, United Nations officials, opposition bloggers, activists, and journalists.

Emmy Winner Riz Ahmed In Negotiations To Star In Netflix's 'Hamlet'
That will fit right in with Hamlet's original themes of power lust, corruption and familial expectations. Netflix will finance and distribute.

Kaspersky said it had first become aware of BlackOasis and its activities in May 2016 in the processing of investigating another zero-day exploit in Flash.

The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more hard.

The company said victims have so far been observed in Russia, Iraq, Afghanistan, the United Kingdom, Iran and elsewhere in Africa and the Middle East.

"The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities".

Cow on the Loose in Prospect Park, Police Say
Earlier this year, a cow escaped from a slaughterhouse in Queens and was on the run for two and a half hours, according to WNBC. The insane scene took place Tuesday beginning at around 11 a.m. local time, and it took nearly two hours to capture it.

Share