The Daily Swig Web security digest

BlackOasis: Adobe releases critical Flash update

James Walker | 24 October 2017 at 10:00

Hopes of a peaceful retirement are fading for iconic media platform.

Adobe Systems has rolled out a critical update for Flash Player, after the vendor was alerted to a fresh zero-day exploit found in the wild.

On October 10, Kaspersky Lab’s advanced exploit prevention systems identified an exploit that delivers the latest version of the commercial-grade FinSpy malware.

The attack begins with the delivery of a Microsoft Office document, presumably via email. Embedded within the document is an ActiveX object which contains the Flash exploit.

At the second stage, shellcode downloads the FinSpy payload, which then connects to command and control servers located in Switzerland, Bulgaria, and the Netherlands to await further instructions and exfiltrate data.
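For defenders, the first stage described above (an Office document carrying an embedded Flash ActiveX object) can be flagged before the file is opened. The following is an added example, not code from Kaspersky or Adobe: it looks for the class ID of the Shockwave Flash ActiveX control inside a document. The function names, the size limit and the sample archive are assumptions made for the illustration, and the sample is constructed, not a real malicious file.

```python
import io
import uuid
import zipfile

# Class ID of the Shockwave Flash ActiveX control (ShockwaveFlash.ShockwaveFlash).
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
TEXT = str(FLASH_CLSID).encode("ascii")        # lowercase text form, as in activeX*.xml
TEXT16 = str(FLASH_CLSID).encode("utf-16-le")  # same text inside UTF-16 streams
BINARY = FLASH_CLSID.bytes_le                  # 16-byte GUID as stored in OLE storages
MAX_MEMBER = 32 * 1024 * 1024                  # assumed cap: skip oversized members


def has_flash_clsid(blob: bytes) -> bool:
    """True if the blob references the Flash control in text or binary form."""
    lowered = blob.lower()  # only for the text forms; the binary GUID is case-sensitive
    return TEXT in lowered or TEXT16 in lowered or BINARY in blob


def scan_document(data: bytes) -> list:
    """Return the parts of an Office file that reference the Flash ActiveX control."""
    hits = []
    if zipfile.is_zipfile(io.BytesIO(data)):          # OOXML: .docx/.xlsx/.pptx
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER and has_flash_clsid(zf.read(info)):
                    hits.append(info.filename)
    elif has_flash_clsid(data):                       # legacy OLE2 (.doc/.xls): raw scan
        hits.append("<raw file>")
    return hits


def constructed_docx(with_flash: bool) -> bytes:
    """Build a minimal, constructed OOXML-like archive for the demo (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("flash", constructed_docx(True)), ("clean", constructed_docx(False))):
        print(label, scan_document(doc))
```

A hit means the document embeds the Flash control, not that it carries an exploit; treat it as a triage signal for mail gateways or file-share scans.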

Analysis of the payload led the Kaspersky researchers back to an actor named ‘BlackOasis’, who is thought to have been responsible for another Flash zero-day exploit discovered by FireEye last month.

“So far only one attack has been observed in our customer base, leading us to believe the number of attacks are minimal and highly targeted,” said Kaspersky Lab’s Anton Ivanov.

Since its launch back in 1996, Flash Player has grown to become the world’s best-known multimedia platform, distributed across every major web browser and operating system.

Over recent years, however, the application has been increasingly criticized for its spotty performance, its drain on mobile device batteries, and its steady stream of security vulnerabilities.

As open standards such as HTML5, WebGL and WebAssembly have matured over the past several years, Adobe announced in July that it will stop updating and distributing Flash Player at the end of 2020.