Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.
The vulnerability was discovered and independently reported by several security firms —ICEBRG, Tencent, and two security divisions from Chinese cyber-security giant Qihoo 360.
The vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions. It was fixed with the release of Flash Player 30.0.0.113.
Flash zero-day exploited via Office files
According to Qihoo 360 Core Security, attackers used the Flash zero-day for attacks against targets in the Middle East. It is believed that a nation-state-backed cyber-espionage group is behind the attacks.
"We boldly suspected that the targeted region is Doha, Qatar," Qihoo 360 Core said today in a
blog post detailing the zero-day.