18 Oct Adobe Fixes Zero-Day Vulnerability Used to Plant Surveillance Software
Last Monday, Adobe issued a fix for a zero-day vulnerability initially discovered by Kaspersky Lab researcher Anton Ivanov. The flaw is known to be used by the advanced persistent threat (APT) group, BlackOasis.
The flaw is a critical confusion vulnerability that can cause code execution in Windows, Chrome OS, Linux, and Mac systems. It affects programs like Adobe Flash Player for Microsoft Edge, Internet Explorer 11, and Google Chrome Adobe Flash Player. The flaw is distributed via suspicious MS Words document that inputs a FinSpy malware.
FinSpy is known as a highly advanced program used by governments all over the globe to conduct surveillance on personalities like activists, convicts, and journalists. FinSpy malware can also intercept communication in apps like Skype, as well as browse and copy data.
Businesses and private users are encouraged to apply Adobe’s latest security updates to prevent infection. Kasperksy speculates that BlackOasis is responsible for five zero-day vulnerabilities since June 2015.
Source: ZD Net