Although clearly not the case, it sometimes feels like hackers hate Adobe Flash. Despite the fact that it represents a simple path to exploit user’s systems, every time it gets found to be insecure, it dies a little more. That slip into obscurity looks likely to continue, as yet another flaw has been found in the fully patched version of Flash, leaving users vulnerable to malware infiltration and potentially other attacks too.
Fortunately as it stands, it appears that the exploit is only being used to go after international government systems, with Trend Micro reporting that a group has been using the bug to try to infect employees by sending them emails with eye-catching titles and links to faux news stories. Anyone who practices basic computer security will have no doubt guessed at this point, that those links lead on to malware installs, not news.
Some of the headlines quoted as being used by those hoping to infect new victims include:
“Israel launches airstrikes on targets in Gaza,” “Syrian troops make gains as Putin defends air strikes,” and “Russia warns of response to reported US nuke buildup in Turkey, Europe.”
While the bug is said to affect both 22.214.171.124 and 126.96.36.199 versions of Flash, little else has been revealed at this time, presumably to prevent anyone else from utilising the exploit.
As you might expect, those who discovered the bug have been in touch with Adobe and are helping to have the hole shored up. They also took the opportunity in the Trend Micro blog entry to advertise the company’s services, stating that its Deep Discovery software would protect against any such threats and could even contain any nefarious malware in a sandbox.
Discuss on our Facebook page, HERE.
KitGuru Says: Flash really does seem to be in its death throes. As much as it has a strong history with the internet, especially when it comes to seeding the app marketplace with strong game and animation makers, perhaps it is time to say goodbye to Flash for good.