
Adobe rushes emergency fix for critical Windows and Mac OS Flash flaw

05 Feb 2014

Adobe has released a patch for a critical flaw in its Flash Player, which is believed to have been actively exploited by hackers.

The patch addresses a flaw prevalent in the Windows and Mac OS versions of Adobe Flash Player and earlier, and Adobe Flash Player and earlier in Linux.

The vulnerability was originally discovered by Kaspersky Labs researchers on 3 February. The Kaspersky researchers warned that the vulnerability is being used by an advanced group of hackers to mount sophisticated attacks capable of bypassing most security tools.

"During the past months we have been busy analysing yet another sophisticated cyber espionage operation, which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation 'The Mask'," read the research note.

"The Mask is leveraging high-end exploits, an extremely sophisticated malware which includes a bootkit and rootkit, Mac and Linux versions and a customised attack against Kaspersky products. This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment."

Adobe confirmed it is aware of reports that attackers are using the vulnerability to target its customer base, and urged users to install the patch sooner rather than later.

"These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions," read the advisory.

F-Secure security analyst Sean Sullivan suggested the sophisticated nature of the campaign indicates that The Mask hackers are state sponsored, but warned that it is only a matter of time before criminals begin exploiting the Flash flaw.

"Currently, it is probably limited to high-end APT nation state stuff. But now that the patch is out crimeware kits will start moving to adopt and develop exploits for the vulnerability," he said.

State-sponsored hacking has been a growing issue for companies. The number of attacks and APT campaigns believed to be government sponsored has risen gradually over the past few years.

Researchers from security firm CrowdStrike reported uncovering a campaign targeting numerous European energy companies, codenamed Energetic Bear, in January. The campaign is allegedly state sponsored.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
