Hackers are rushing to exploit a zero-day Flash vulnerability to plant surveillance software before organisations have time to update their systems to patch the weakness.
Uncovered by researchers at Kaspersky Lab on Monday, the CVE-2017-11292 Adobe Flash vulnerability allows attackers to deploy an exploit which can lead to code execution on Windows, Mac, Linux, and Chrome OS systems.
The exploit enables the delivery of malicious Word documents bundled with malware, for example to allow attackers to snoop on communications, eavesdrop on video messages and calls, and steal files.
Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge, and Internet Explorer 11 are all affected by the vulnerability, and organisations are being urged to install the critical update.
As a result, attackers are moving quickly to exploit it while they can, and researchers at Proofpoint have attributed a campaign designed to spread trojan malware using the vulnerability to APT28 – also known as Fancy Bear – a Russian hacking group with links to the Kremlin.
The campaign to exploit the Flash vulnerability has targeted government offices in Europe and the US specialising in foreign relations – researchers liken them to “entities equivalent to the State Department” – as well as private businesses in the aerospace industry.