Adobe discovered a new vulnerability in Flash Player that affects every version running on the Windows, Macintosh and Linux operating systems. The company is currently working on an update that will protect all its users. Adobe warned that the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. The bug was discovered earlier this week by researchers at Trend Micro.
“Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks. Adobe expects to make an update available during the week of October 19,” the company said.
The attacks are launched by the cyberespionage group Pawn Storm against governments. The group has been active since 2007 and has targeted a number of government agencies in Europe, Asia and the Middle East, as well as NATO organizations, the White House and US media.
Adobe Flash is a multimedia and software platform used for creating vector graphics, animation, browser games, rich Internet applications, desktop applications, mobile applications and mobile games. Flash displays text, vector and raster graphics to provide animations, video games and applications. It allows streaming of audio and video, and can capture mouse, keyboard, microphone and camera input. Flash ran on more than 800 million mobile phones manufactured by 20 handset makers. However, Adobe’s popularity has waned over the years as more of the online video industry turns to HTML5.
“2015 has been a very bad year for the Flash Player and given that a patch won’t be available for several more days it is crucial to take immediate action to protect yourself,” Jerome Segura, a senior malware researcher at Malwarebytes, wrote. “Indeed, this window of opportunity is something that exploit kit authors have taken advantage of in the past to infect scores of end users.”
Adobe responded to the report and released an update. “Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-7645 is being used in limited, targeted attacks,” Adobe wrote in its security bulletin.
Last month Google released a statement that it will no longer automatically play advertisements with Flash on its Chrome browser.
“We will stop displaying Flash ads on our website, specifically because of the changes made by Google and existing policies by other Web browsers,” Amazon said.
“This change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance,” it added.