Flash Player, discovering a new vulnerability, Experts advise to update
The team of researchers at Kaspersky’s laboratories has discovered a new and dangerous ” zero-day ” vulnerability within Adobe Flash Player. Just the same security flaw used by the group of hackers BlackOasis against politicians and journalists.
Kaspersky Lab has recently discovered a dangerous ” zero-day ” vulnerability within the Adobe Flash Player software that allows hackers to take advantage of it against users unaware of the danger. In this case, the security flaw seems to be the same that allowed the group of hackers BlackOasis to take control of the devices of politicians, journalists but also activists who have been seen stealing their sensitive data without being able to replicate. In this case, the cracker group uses the Flash Player bug to infect victims’ PCs by sending emails.
Technically, what happens, as reported by Kaspersky Lab, is the sending of an email containing an Active X attachment that allows malicious users once downloaded to obtain any permission to read or even write in the memory of the device. Here, once the malware has been downloaded to the victim’s PC, hackers can remotely monitor the device and thus spy on the victim’s actions, stealing sensitive data that they can reuse.
As explained by Kaspersky, FinSpy (or FinFisher) is a commercial product normally used by the States for surveillance purposes, but can also be used by others to steal all kinds of information. In the past, malware was used by law enforcement agencies to monitor local targets. The malware was created by the German company Gamma International and used to subject target devices to remote control by governments. Just its diffusion already created many criticisms of society, especially for its supply of the instrument to countries governed by oppressive regimes such as Egypt or Bahrain or Uganda.
What to do to avoid having these problems? The best solution to ensure the safety of their devices is undoubtedly to update with all the tools that Adobe has released in its official channels. Keep in mind the fact that very often even updates to these issues are distributed in disguise, and users then found themselves to update with the installation of malware.
So the further advice is to update yes but from reliable sites or better with updates provided automatically by the software. They are now the last years of life of Adobe Flash Player that from the next 2020 will definitely see its end allowing to remedy in some way the flaws that have been created during these years which, according to the latest data, have exceeded even the thousand of drives doing worse than Windows XP.