Adobe Urged Users to Update Latest Version of Flash
Adobe has urged users to update to the latest version of Flash to prevent hacking attacks after China based `advanced persistent threat’, was discovered using the Adobe Flash flaw that has now entered malware kit Magnitude. The bug that affects how Flash Player plays video files enables an intruder to utilise carefully made video file to gain control of a user’s computer. It was revealed recently by security research firm FireEye who identified the flaw and reported it to Adobe and the publishers has a Flash Patch made available wherein it could be downloaded utilising the auto-update that is included with Flash. When the vulnerability had been reported, it was already being utilised by a Chinese hacking group called APT3 – Advanced Persistent Treat 3.
According to FireEye, the group had been sending phishing emails directed at organisations in the aerospace, construction, defence, engineering, high tech, and telecommunication as well as transportation industries, which eventually caused a backdoor to be placed on the computer of the victim. The group is said to be one of the more sophisticated threat groups which FireEye Threat Intelligence tends to track and they have a history of introducing new browser based zero day exploits, for instance, Firefox, Internet Explorer and Adobe Flash Player, according to the researchers.
A Zero Day Exploit
`A Zero day’ exploit is said to be one which has never been utilised before and hence the firm involved has `zero days’ to fix the same. While the exploit had only been utilised earlier by APT3, a further caution was put out after it had made its way into popular exploit kit known as Magnitude which allows, would be malware authors to put together their software without the need to write the exploits, which have been tried and have installed ramsomware on the victim’s computers.
With the installation of the latest version of Adobe Flash, it will make the system secure again. Adobe Flash is a program which is installed on several computers and has serious weakness which could enable anyone to take control over it. This was identified as part of documents got leaked after a cyber-attack on Hacking Team, which is a government sponsored spying group that seems to have been using it to break into computers.
Error in a Hole from Flash Code
According to a statement from Adobe, `a successful exploitation would cause a crash and enable an attacker to take control of the affected system’. The issue could affect Windows, Mac and Linux computers. Since the vulnerability has been comprehensive in public documents, after the hack, users could use it against any computer running the application.
Some of the experts have indicated how the vulnerability could be used to take control of computers and run the files on them, revealing the information which has been stored there and probably make them available for misuse. The error comes from a hole in the Flash code which the attackers tend to use for reading and writing information onto the computer and once done with, they can send instructions to the computer which then executes the same. According to leaked information, the vulnerability has been described by the hacking team as `the most beautiful Flash bug for the last four years’
