Last week, Adobe issued an emergency security patch fixing a critical flaw in its Flash Player that could allow a remote hacker to take complete control of Windows, Mac and Linux computers.
The Adobe Flash plugin vulnerability, known to have been used by the infamous “Clandestine Wolf” hacker group, has taken place over a number of weeks, targeting businesses in the aerospace, defense, construction, technology, and telecoms industries through phishing messages for the purpose of spying and stealing information.
The bug – AKA CVE-2015-3113 – has already been patched by Adobe, and the fix can be downloaded from the company’s website, which we encourage everyone to do at their earliest convenience. This can help users avoid falling victim to hackers armed with the malware kits.
Adobe says the following versions of Adobe Flash are vulnerable to the exploit:
Adobe Flash Player 126.96.36.199 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 188.8.131.522 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player 184.108.40.2066 and earlier 11.x versions for Linux
Another targeted attack campaign, codenamed “RussianDoll,” was uncovered using Adobe Flash vulnerabilities in a series of targeted attacks in April.
Prior to it, Adobe was forced to patch three zero-day vulnerabilities in January and February, one of which was similarly targeted by the Angler exploit kit.