Skip to main content

Hacker group may be exploiting unpatched vulnerability in Adobe Flash Player

adobe exploit scarcruft heartbleed bug hacker
Kaspersky Lab’s latest blog, written by Costin Raiu, points to a security advisory published by Adobe that warns of a critical vulnerability in Adobe Flash Player version and older for ChromeOS, Linux, Macintosh, and Windows-based operating systems. This vulnerability, called CVE-2016-4171, could cause a crash if exploited and allow hackers to take control of the affected system.

According to Adobe, it’s aware of an exploit of CVE-2016-4171 being used in the wild in limited, targeted attacks. However, the company doesn’t seem to be too worried about the problem, as a fix won’t be offered until Adobe dishes out its monthly security update slated to be released as early as June 16 (just days away).

In its security advisory, Adobe actually acknowledged Anton Ivanov and Costin Raiu of Kaspersky Lab for reporting the vulnerability in Flash Player and working with the company to address the issue. Raiu indicated in his follow-up blog that the exploit was uncovered by new technologies inserted into Kaspersky Lab products to identify and block zero-day attacks. This new tech caught and blocked an Adobe Flash zero-day exploit earlier this year, followed by another one just this month.

Raiu said that the security firm believes a new advanced persistent threat (APT) group internally called “ScarCruft” is behind these attacks. This group has several ongoing operations using two exploits in Adobe Flash and one in Internet Explorer. So far, their victims have resided in a number of countries outside North America including China, India, Kuwait and Romania.

According to the security firm, one of the operations currently in motion is dubbed Operation Daybreak. This attack, launched back in March 2016, focuses on high-profile victims using a zero-day Adobe Flash Player exploit that was previously unknown. Another attack is dubbed Operation Erebus, which uses an older exploit and, according to Raiu, “leverages watering holes.” There may have been a third attack too, but that exploit was patched in April.

In addition to Adobe’s Flash Player security advisory published on Tuesday, Adobe also released a number of security bulletins for Adobe DNG SDK, Adobe Brackets, Adobe Creative Cloud Desktop Application, and ColdFusion. For instance, the company released hotfixes for ColdFusion 10, 11, and the 2016 release that resolve an input validation issue that could be used in reflected cross-site scripting (XSS) attacks. The company recommends that customers update these product installations to the latest release.

Adobe issued security updates for Flash Player just a month ago, addressing vulnerabilities that could allow a hacker to gain control of an affected system. One of the affected versions the security updates addressed was Adobe Flash Player for Microsoft Edge and Internet Explorer 11 v21.0.0.241 and earlier, as well as Adobe Flash Player for Google Chrome v21.0.0.216 and earlier.

As for the latest attack on Adobe Flash Player, Raiu said that Kaspersky Lab will release more details when Adobe patches the vulnerability, which he expects to be on June 16 as Adobe indicated in its security advisory.

“Until then, we confirm that Microsoft EMET is effective at mitigating the attacks,” he added in the blog.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Outdated installs of Adobe Flash Player soon won’t load in Internet Explorer 11
microsoft bleeds ie users to google chrome on top by mid year internet explorer

Although Microsoft Edge takes center stage as the main browser of Windows 10, Internet Explorer 11 still lurks in the background in case the user happens to wander over to an older website. However, it is also provided to customers who refuse to jump on the Windows 10 bandwagon. Because of this, the Microsoft Edge team keeps the older browser up to date, which includes a plan to expand its out-of-date ActiveX control blocking feature on October 11.

According to the team, outdated versions of Adobe Flash Player will be blocked in Internet Explorer 11 starting next month. This ban includes all versions of Adobe Flash Player prior to, and all versions of Adobe Flash Player Extended Support Release prior to However, this block will only apply to Internet Explorer 11 on Windows 7 SP1 and Windows Server 2008 R2.

Read more
Adobe issues emergency patch for yet another Flash exploit
A hacker inputting code into a system.

Have you updated Flash recently? Even if you have, you might want to make sure you’re up to date, as yesterday Adobe issued an emergency patch addressing several critical vulnerabilities that the company says “could potentially allow an attacker to take control of the affected system.”

The vulnerabilities affect those using the plugin in Windows, Mac, and Linux, including those versions provided in browsers like Chrome. And at least one of these bugs is currently known to those who walk on the darker side of the Web, with Adobe saying that the patch fixes an exploit that is being used in “limited, targeted attacks.”

Read more
Adobe and Google join forces to strengthen Flash defenses against hacks
new defenses make flash more difficult to hack adobeflash

A series of cyber attacks targeting Adobe's Flash Player has led to a strengthening of the company's defenses, according to Ars Technica. With such an immense user base, Flash has become an obvious target, and a susceptible one, for hackers seeking to inconvenience the largest audience possible.

As a result, a vast assortment of software engineers at Adobe and Google have scurried to shore up the vulnerabilities in Google's Chrome browser, by far the most popular in terms of global market share. These changes, detailed in a blog post on Thursday, are said to have structurally modified the way Flash interacts with the operating systems installed on many PCs, thereby diminishing the likelihood of attacks.

Read more