Adobe Patches Flash Zero-Day Used by BlackOasis APT

LASER_oneXM

Last week, Adobe claimed it wouldn't release security updates for the first time since July 2012 because it had nothing to patch.

Less than six days later, the company released a critical update for Flash Player that fixes a zero-day vulnerability exploited in live attacks.

The zero-day, CVE-2017-11292, is a "type confusion" that leads to remote code execution on targeted systems.

The issue affects Flash Player 27.0.0.159 on Windows, Linux, macOS, and Chrome OS. Adobe fixed the vulnerability in Flash Player version 27.0.0.170.

Zero-day spotted by Kaspersky Lab researchers

The vulnerability was spotted in the wild by Anton Ivanov of Kaspersky Lab. According to Costin Raiu, director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, the vulnerability was found in campaigns carried out by BlackOasis.

BlackOasis is a codename Kaspersky researchers gave to an advanced persistent threat (APT, cyber-espionage group) they believe to be operating out of a Middle Eastern country and employing a spying ("lawful surveillance") toolkit named FinSpy, sold by UK firm Gamma Group International.

This is not the first time BlackOasis used a Flash Player zero-day to attack targets. The group also used CVE-2017-8759 in September 2017, CVE-2016-4117 in May 2016, CVE-2016-0984 in June 2015, and CVE-2015-5119 in June 2015.
 
