Advertisement

Latest Adobe Flash vulnerability allowed hackers to plant malware

A group called BlackOasis used it to breach networks in over a dozen countries.

Adobe Flash may be on its way out, but apparently, its goodbye tour is going to be marred by security issues just as the software has for most of its existence. Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. Kaspersky says the group appears to be interested in Middle Eastern politics, United Nations officials, opposition activists and journalists, and BlackOasis victims have so far been located in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

The attack took place on October 10th and the malware planted by BlackOasis is a commercial product called FinSpy or FinFisher, typically sold to governments and law enforcement agencies. Kaspersky notified Adobe of the vulnerability and it has since released a Flash Player security update for Windows, Macintosh, Linux and Chrome OS. Kaspersky said that it believes BlackOasis, which it has been tracking since last year, was behind a similar exploit in September.