Adobe fixes zero-day used by ScarCruft cyber-espionage group

Jun 16, 2016 17:41 GMT

Adobe released Flash Player version 22.0.0.192, which fixes 36 security issues, including a zero-day vulnerability used in live attacks by a cyber-espionage group discovered by Russian security firm Kaspersky Lab.

The company gave everyone a heads-up about the zero-day exploit on Tuesday, when it revealed that Kaspersky Lab had discovered live attacks using a never-before-seen security bug in Flash.

Zero-day used by ScarCruft APT

Kaspersky expert Costin Raiu said his company came across computers compromised by the ScarCruft cyber-espionage group in two different campaigns, one they named Operation Daybreak and the other Operation Erebus.

ScarCruft hackers used the zero-day to trigger a memory corruption bug in Flash Player, which allowed them to execute code on the victim's machine and take over the device.

Besides the zero-day (CVE-2016-4171), the group also employed other Flash exploits such as CVE-2016-4117 and CVE-2016-0147, the latter of which was another zero-day exploit that Adobe patched in April.

ScarCruft also used another exploit for Internet Explorer, and Kaspersky says the group launched attacks against targets in Russia, Nepal, South Korea, China, India, Kuwait, and Romania.

Microsoft EMET would have protected against zero-day exploitation

The recent Flash Player zero-day, CVE-2016-4171, works on all versions of Flash, but Raiu says that Microsoft EMET, if installed, would be able to block exploitation. Unfortunately, EMET does not ship by default with Windows, although Microsoft has started embedding some of its core features in Windows 10.

Besides the zero-day, Adobe also fixed other issues in Flash, such as two type confusion vulnerabilities, six use-after-free issues, three heap buffer overflow problems, one directory search path bug, and 22 memory corruption issues. All led to remote code execution and allowed attackers to run code on targeted machines.

Updates for Flash running on Windows, Mac, and Linux have been released and are available for download. The latest Adobe Flash Player version numbers are 22.0.0.192 for Windows and Mac, and 11.2.202.626 for Linux distros.