Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Adobe updates Flash Player to fix 'actively exploited' flaw

Adobe updates Flash Player to fix 'actively exploited' flaw
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Jun 24, 2015, 02:03 PM
 
Adobe on Wednesday has released an emergency patch for its Flash Player browser plug-in due to a critical flaw that is being actively exploited in the wild. Flash Player 18.0.0.161 and earlier for Windows and Macintosh systems are affected by the issue, as is version 11.2.202.466 for Linux 11.x versions. The attack, called APT3 for the China-based organization from which it originates, uses spam "phishing" emails targeted at industry professionals to gain credentials used to steal intellectual property data.

The hacker group is "responsible for the so-called Clandestine Fox operation has been exploiting the latest Flash zero day since early this month, via phishing emails targeting aerospace and defense, construction and engineering, high tech, telecommunications, and transportation organizations," said Kaspersky's ThreatPost blog, and quoted FireEye's Mike Oppenheim as saying that while Adobe has acted fairly quickly on developing a fix after being notified privately of the flaw two weeks ago, those who are not up-to-date with today's patch are still at risk.

"Any time one of these groups is using a zero day [exploit] and casting such a wide net, it's pretty significant, especially since the activity started in early June, and a patch was not released until today," Oppenheim said. "That's a big window, and possibly tons of victims are affected."

The professional users targeted in the phishing emails are usually receiving suspicious emails about deeply-discounted Apple products, as many high-tech industries now use iOS devices and Macs for enterprise purposes. "The emails contain links to attacker-controlled websites where the Flash exploit is downloaded quietly onto a victim's machine, as is the backdoor for moving data and dropping additional malware," said Kaspersky. The full report from FireEye is available here.

Adobe's updates for Flash Player generally extend no further back than OS X 10.6, and so any machines running older versions of OS X are advised to disable Flash functionality entirely. Windows systems running XP and earlier are also advised to disable Flash if it cannot be updated to the latest version.
     
aroxnicadi
Junior Member
Join Date: Jun 2011
Location: Grande Prairie, Alberta
Status: Offline
Reply With Quote
Jun 25, 2015, 07:45 AM
 
Flash player is starting to be or should I say is a joke. It seems every other week Adobe is releasing a new version with some sort of fix. Seems hackers love hacking it.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 06:44 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,