Last week, Adobe issued an emergency security patch fixing a critical flaw in its Flash Player that could allow a remote hacker to take complete control of Windows, Mac and Linux computers.
At the time of public disclosure, it was believed that the vulnerability (known as CVE-2015-3113) was being exploited by a Chinese hacking gang known as APT3.
According to FireEye, the APT3 gang was launching limited targeted attacks via email to organisations in a number of industries (including defence, aerospace, construction, high tech and telecoms) in order to open backdoors onto their computers for the purposes of spying and stealing information.
Things got more serious this weekend, however, when independent malware researcher Kafeine reported that the CVE-2015-3113 Flash flaw had also been incorporated into the Magnitude and Angler exploit kits.
The fact that a method of exploiting the Flash vulnerability has now been built into malware kits that any malicious hacker could potentially use makes the threat much more significant - as a wider number of criminals can now easily exploit it.
At the time of writing, it appears that malicious hackers are using the exploit to infect computers with versions of the Cryptowall ransomware.
Adobe says the following versions of Adobe Flash are vulnerable to the exploit:
- Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux
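
For anyone checking a software inventory against the list above, here is an added example (not from Adobe or the original article). It tests the 13.x branch before the general ceiling, so that Extended Support Release builds later than 13.0.0.292 are not flagged merely for being numerically below 18.0.0.161. The platform labels, host names and sample versions are constructed.

```python
# Added example: thresholds come from the list in the article above.
# Platform labels, host names and inventory rows are constructed.

MAIN_MAX = (18, 0, 0, 161)     # Windows and Macintosh
ESR_MAX = (13, 0, 0, 292)      # Extended Support Release, 13.x branch
LINUX_MAX = (11, 2, 202, 466)  # Linux, 11.x branch


def parse_version(text):
    """Turn '18.0.0.161' into (18, 0, 0, 161); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a four-part Flash version: %r" % text)
    return tuple(int(p) for p in parts)


def is_listed_vulnerable(platform, version_text):
    """True or False per the list; None when the list does not cover the case."""
    v = parse_version(version_text)
    platform = platform.lower()
    if platform in ("windows", "macintosh"):
        if v[0] == 13:            # ESR branch has its own ceiling
            return v <= ESR_MAX
        return v <= MAIN_MAX      # "18.0.0.161 and earlier versions"
    if platform == "linux" and v[0] == 11:
        return v <= LINUX_MAX
    return None                   # platform or branch not in the list


def audit(inventory):
    """Return the host names whose Flash version falls in a listed range."""
    return [host for host, platform, version in inventory
            if is_listed_vulnerable(platform, version)]


SAMPLE_INVENTORY = [              # constructed rows
    ("ws-01", "windows", "18.0.0.161"),
    ("ws-02", "windows", "18.0.0.194"),
    ("ws-03", "macintosh", "13.0.0.296"),
    ("ws-04", "windows", "13.0.0.292"),
    ("lx-01", "linux", "11.2.202.466"),
    ("lx-02", "linux", "11.2.202.468"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```
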
Read more: https://grahamcluley.com/2015/06/patch-adobe-flash-magnitude/