Adobe has released a new security update for CVE-2016-4171, which is another critical vulnerability in Flash Player.
According to Adobe, this Flash Player vulnerability was firstly spotted being used in limited, targeted attacks. Back then, the company has confirmed that an update that will fix this issue will be released on June 16, 2016. Well, it seems that Adobe has released a new update of the Flash Player which fixes this issue.
We remind you that this issue was firstly discovered by Costin Raiu and Anton Ivanov of Kaspersky Lab. The two security researchers have said that a successful exploitation could cause a crash which will allow the attacker to take control of the affect system.
Costin Raiu said in a blog post that this exploit was used by an APT gang called ScarCruft. This team is planning on hitting several countries including Romania, Nepal, South Korea, China, India, Kuwait and Russia.
Raiu has added that the group has already engaged in two major operations called Operation Erebus and Operation Daybreak. Operation Daybreak has been launched by ScarCruft sometime back in March 2016 and it uses an exploit from Adobe Flash Player on high profile victims. The Operation Erebus is using an older exploit, known as CVE-2016-4117, which is “leverages watering holes”.
Adobe is desperately trying to fix all the security issues that its Flash Player has, but it seems that new problems are being discovered everyday. We are pretty sure that the Adobe Flash Player will die in 1-2 years, as there are already a good amount of companies who have started to ditch this player for the HTML5. In other words, it is just a matter of time until we will see more and more big companies using HTML5 instead of the old “Adobe Flash Player”.
Do you think that Adobe has a chance to make users trust the Flash Player once again?
Every techie needs a pair of sick headphones. Neurogadget recommends these Audio Technica Professional Studio Monitor Headphones for both their quality and their cool-factor.