Adobe has issued a patch for the Plash Player zero-day vulnerability (CVE-2016-4171) that is actively exploited by the ScarCruft APT group.
The bug, discovered by Anton Ivanov of Kaspersky Labs, is being used in “limited, targeted attacks.”
According to Kaspersky, the group has been spotted using zero-day exploits before, and is currently engaged in two major operations.
“The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims. The other one, Operation Erebus employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April,” Kaspersky’s Costin Raiu shared.
Obviously, the group is either technically very proficient or has the means to buy the exploits from others who created them.
ScarCruft’s targets are not home users, but high profile enterprises and organizations around the world. Nevertheless, all users are advised to upgrade to the newest Flash Player version as soon as possible.
For one, it’s likely that the patch will be reverse-engineered very quickly, an exploit created and added to an exploit kit to target all users who are casual with keeping their software updated.
And secondly, the security update also contains patches for a slew of other bugs, the vast majority of which could lead to arbitrary code execution.
Adobe has also released an update for Adobe AIR, which fixes a single code execution flaw.