Last week, Adobe claimed it wouldn't release security updates for the first time since July 2012 because it had nothing to patch.
Less than six days later, the company released a critical update for Flash Player that fixes a zero-day vulnerability exploited in live attacks.
The zero-day, CVE-2017-11292, is a "type confusion" that leads to remote code execution on targeted systems.
The issue affects Flash Player 27.0.0.159 on Windows, Linux, macOS, and Chrome OS. Adobe fixed the vulnerability in Flash Player version
27.0.0.170.
Zero-day spotted by Kaspersky Lab researchers
The vulnerability was spotted in the wild by Anton Ivanov of Kaspersky Lab. According to Costin Raiu, director of Global Research and Analysis Team (GReAT) at Kaspersky Lab, the vulnerability was found in campaigns carried out by
BlackOasis.
BlackOasis is a codename Kaspersky researchers gave to an advanced persistent threat (APT, cyber-espionage group) they believe to be operating out of a Middle Eastern country and employing a spying ("lawful surveillance") toolkit named FinSpy, sold by UK firm Gamma Group International.
This is not the first time BlackOasis used a Flash Player zero-day to attack targets. The group also used
CVE-2017-8759 in September 2017,
CVE-2016-4117 in May 2016,
CVE-2016-0984 in June 2015, and
CVE-2015-5119 in June 2015.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}