![]() ![]() Flash has been designated for end-of-life. Users should be sure to be running Flash 27.0.0.170 on all platforms, or heed the advice of many security experts to disable Flash all together. Brian Bartholomew, a member of Kaspersky Lab’s Global Research and Analysis Team (GReAT), said retrieval of the payload-which is the latest FinSpy version-is done in multiple stages.Īdobe said Flash version 27.0.0.159 on the desktop, Linux and Google Chrome is affected, as well as version 27.0.0.130 for Edge and Internet Explorer 11 on Windows 10 and 8.1. The attackers spread the exploit via email, embedding the Flash exploit inside an Active X object inside a Word document. 10 by researchers at Kaspersky Lab, who saw the payload and exploit used against a customer’s network. ![]() The vulnerability, CVE-2017-11292, was privately disclosed Oct. It’s sold to governments and law enforcement around the world, including allegations of sales to oppressive regimes including Egypt, Bahrain, Ethiopia, Uganda and elsewhere. Sold by the controversial German company Gamma International, FinSpy, or FinFisher, is a suite of surveillance and espionage software used to remotely monitor compromised computers. The group known as Black Oasis was, as recently as this month, using exploits for the flaw to drop FinSpy as a payload. Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |