Critical Adobe Flash bug under active attack currently has no patch

               

Adobe is working on a patch for a newly-discovered vulnerability in Adobe Flash that is being actively exploited by hackers in targeted attacks. Ars Technica has the details:

The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company’s global research and analysis team. It’s being carried out by “ScarCruft,” the name Kaspersky has given to a relatively new hacking group engaged in “advanced persistent threat” campaigns that target companies and organizations for high-value information and data.

Details on how to mitigate the threat can be found on Symantec’s website.

Adobe has published minimal information on its website, and a fix may arrive as early as tomorrow (Thursday 16 June).

By which time you’ll hopefully also have had a chance to roll out the critical Patch Tuesday fixes Microsoft published yesterday.

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts
No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.