And yet, Flash is still alive and kicking and plenty of websites still use it to display their content. So stop us if you’ve heard this one before, if you’re still a Flash holdover, update it now! Adobe rushed another emergency patch to fix a zero-day vulnerability, and it’s critical that you update your Flash software as soon as you can. Note: Zero-day vulnerabilities are dangerous since they are previously unknown software exploits that are already being used by hackers even before the software makers are made aware of them.

Another zero-day Flash flaw

Adobe has recently issued another out-of-band emergency patch for its infamous Flash software for a critical zero-day bug that it is already being exploited by hackers. Security researchers from Chinese cybersecurity firm Qihoo 360 discovered the flaw after spotting a targeted Advanced Persistent Threat Attack (APT) aimed at a Russian medical clinic. This facility is known for providing health-care and cosmetic services to high-level Russian Federation employees and famous Russian scientists and artists. Codenamed “Operation Poison Needles” by Qihoo, the zero-day attack sneaks in via a RAR-compressed Word document disguised as a seven-page job application questionnaire. Embedded within the document is a Flash Active X object which harbors the exploit. The method of distribution for this attack? The booby-trapped document is sent via phishing emails to the intended targets.  If a target opens the document and allows the embedded Flash Active X object to execute, the malicious code will then escalate its system privileges via the zero-day exploit and download a remote spying tool.

The bugs

The critical vulnerability is now known as “use after free” bug (CVE-2018-15982), and Adobe warns that a successful exploit could lead to remote code execution. Another important fix is also included in the emergency patch (CVE-2018-15983), and this one addresses a privilege escalation vulnerability due to DLL hijacking.

Who’s responsible for the attacks?

Qihoo 360 said that the source of the attacks is still under investigation but due to the clientele of the targeted Russian polyclinic, it is likely that it is political in nature. The zero-day exploit’s code also has similarities with the hacking exploits deployed by the Italian spyware developer HackingTeam which interestingly, had its tools leaked back in 2015. This suggests that this current Flash attack may be from a separate hacking group who gained possession of HackingTeam’s leaked exploits and is now using the tools for political ends. However, the main thing you need to know about this incident is that the zero-day flaw is out there and other enterprising cybercrooks will inevitably exploit it too. If you’re still using Flash on a regular basis, update your software now!

How to update Flash

If you still rely on using Flash Player for websites (you shouldn’t), it’s important that you update to the latest version 32.0.0.101 immediately. Here’s how to update your system’s Flash software: For Chrome, Internet Explorer 11 and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually. –> Click here to use our Adobe Flash Update Tool guide for download and install instructions. The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 32.0.0.101.  The latest Adobe Flash Player Windows installer is version 31.0.0.122.