Urgent: Emergency Flash Update
Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.
The vulnerability, CVE-2017-11292, was disclosed on 10th October by researchers at Kaspersky Lab, who saw the payload and exploit used against a customer’s network.
An exploit utilizing the flaw is delivered through a malicious Microsoft Word document which then installs the FinSpy commercial malware. FinSpy is a highly sophisticated system used by governments worldwide to monitor the activities of people of interest — whether criminals, activists, or journalists. The malware is able to monitor communication software such as Skype, eavesdrop on video chats, log calls, view and copy user files, and more.
Victims of the APT have been spotted in countries including Russia, Iraq, Afghanistan, Nigeria, Libya, and Angola, but the group’s interests are hard to decipher, spanning everything from oil to money laundering and think tanks.
Adobe said Flash version 22.214.171.124 on the desktop, Linux and Google Chrome is affected, as well as version 126.96.36.199 for Edge and Internet Explorer 11 on Windows 10 and 8.1. Users should make sure they are running Flash 188.8.131.52 on all platforms, or heed the advice of many security experts to disable Flash altogether.
Robert Brown, Director of Services for Verismic said, “We have now observed two Zero Day exploits within the past month, with some industry experts (including our own) suspecting this to be part of the Black Oasis group who are exploiting vulnerabilities using the FinSpy payload. We are recommending all of our clients to ensure this patch is deployed as quickly as possible using Cloud Management Suite.”
As the zero-day is in active use, all users should immediately apply Adobe’s latest security fix to stay safe.