Critical Adobe Flash bug under active attack currently has no patch


June 15, 2016

Attackers are exploiting a critical vulnerability in Adobe’s widely used Flash Player, and Adobe says it won’t have a patch ready until later this week.

The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company’s global research and analysis team. It’s being carried out by “ScarCruft,” the name Kaspersky has given to a relatively new hacking group engaged in “advanced persistent threat” campaigns that target companies and organizations for high-value information and data. Raiu wrote:

Read full story…