After a report by FireEye that Adobe's Flash has a serious vulnerability which allows hackers to hijack a computer, Adobe urged all users to update their software immediately.
Less than a week ago, FireEye said the vulnerability enables hackers to remotely hijack the victim’s computer by using a specially created video file. Adobe has since released an urgent update to rectify the issue. It can be downloaded using the auto-update included with Flash.
According to reports, a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication and aerospace industries.
“This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks,” explained FireEye.
“After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts and install custom backdoors.”
As well as the threat from APT3, the malware has also made its way into a popular exploit kit known as Magnitude. Exploit kits enable attackers to install malware without having to write their own exploits. The Guardian reports that this has already been used to install ransomware on victims’ computers.
Flash users should ensure that they have the latest version downloaded from the Adobe website in order to protect themselves from cyberattacks.
At the time of writing, the latest Flash version is 18,0,0,194. Users can visit the Adobe website to check if they have the latest version of Flash installed, and if that’s not the case, to update straight away.