- V3 Apps
Adobe has released a patch for a critical flaw in its Flash Player, which is believed to have been actively exploited by hackers.
The patch addresses a flaw prevalent in the Windows and Mac OS versions of Adobe Flash Player 126.96.36.199 and earlier, and Adobe Flash Player 188.8.131.525 and earlier in Linux.
The vulnerability was originally discovered by Kaspersky Labs researchers on 3 February. The Kaspersky researchers warned that the vulnerability is being used by an advanced group of hackers to mount sophisticated attacks capable of bypassing most security tools.
"During the past months we have been busy analysing yet another sophisticated cyber espionage operation, which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation 'The Mask'," read the research note.
"The Mask is leveraging high-end exploits, an extremely sophisticated malware which includes a bootkit and rootkit, Mac and Linux versions and a customised attack against Kaspersky products. This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment."
Adobe confirmed it is aware of reports that attackers are using the vulnerability to target its customer base, and urged users to install the patch sooner rather than later.
"These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions," read the advisory.
F-Secure security analyst Sean Sullivan suggested the sophisticated nature of the campaign indicates that The Mask hackers are state sponsored, but warned that it is only a matter of time before criminals begin exploiting the Flash flaw.
"Currently, it is probably limited to high-end APT nation state stuff. But now that the patch is out crimeware kits will start moving to adopt and develop exploits for the vulnerability," he said.
State-sponsored hacking has been a growing issue for companies. The number of attacks and APT campaigns believed to be government sponsored has been gradually growing over the past few years.
Researchers from security firm CrowdStrike reported uncovering a campaign targeting numerous European energy companies, codenamed Energetic Bear, in January. The campaign is allegedly state sponsored.