Adobe is urging Flash users to update to the latest version of the software after a significant security flaw was discovered.
The patch to fix the vulnerability was only made available last week, meaning that Flash users with anything but the most-up-to-date download are at risk.
The flaw enables attackers to remotely hijack the victim’s computer using a specially created video file. According to reports, a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication and aerospace industries.
“This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (e.g. Internet Explorer, Firefox, and Adobe Flash Player),” explained FireEye, the security firm which discovered the flaw. “After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control (CnC) infrastructure is difficult to track, as there is little overlap across campaigns.”
As well as the threat from APT3, the malware has also made its way into a popular exploit kit known as Magnitude. Exploit kits enable attackers to install malware without having to write their own exploits. The Guardian reports that this has already been used to install ransomware on victims’ computers.
Flash users should ensure that they have the latest version downloaded from the Adobe website in order to protect themselves from cyberattacks.