Hackers Actively Exploiting Latest Adobe Flash Hole

On Monday Adobe alerted the public that attackers are taking advantage of a remote code execution security vulnerability in its Flash platform in Web browsers.

Researchers at security firm Kaspersky Lab first discovered the zero-day flaw, designated CVE-2017-11292, and observed it being used to attack enterprises and government organizations. As of Monday, researchers have found that targets have included individuals (including some politicians) in Iraq, Afghanistan, Russia, Iran, Africa, the Middle East and the United Kingdom.

In response, Adobe has released a Flash security update, currently available for Google Chrome, Microsoft Edge and Internet Explorer, and the company urges users to update both the browser and desktop versions of Flash as soon as possible.

Researchers for the company also confirmed that the group behind the recent attacks, known as BlackOasis, had a hand in another zero-day flaw reported in September.

The group has been known to exploit vulnerabilities in Flash to upload the FinSpy malware, which is a commercially available tool commonly used for surveillance activities. Kaspersky Lab also argues that this tool is being used in large campaigns by nation states.

"In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets," wrote Kaspersky in a blog post on Monday. "BlackOasis is a significant exception to this – using it against a wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible."

Once the FinSpy malware is installed through means like this week's Flash vulnerability, the affected systems connect to command and control servers in Switzerland, the Netherlands and Bulgaria, where data can then be extracted.

Along with Adobe's advice of updating Flash, Kaspersky recommends enterprises use the killbit feature of Flash and completely disable it in systems where it's not needed, along with keeping up to date with all security software updates and conducting regularly scheduled IT infrastructure threat assessments.

About the Author

Chris Paoli is the site producer for and

