Two weeks after Adobe patched the CVE-2016-4117 vulnerability, hackers have found a way to integrate an exploit for the patched flaw into their attack tools, and they are now infecting devices with malware. Security researchers at FireEye found this vulnerability, which hackers used to attack users through malicious Flash content embedded in Microsoft Office documents.
CVE-2016-4117, which affected Flash Player versions 126.96.36.199 and earlier for Windows, OS X, Linux and Chrome OS, was initially unpatched; Adobe patched it two days later. Unfortunately, this didn't stop cybercriminals from getting their hands on the exploit code and using it in their attacks.
Just when everyone thought that Adobe would no longer have problems with the CVE-2016-4117 vulnerability, on Saturday Kafeine, a famous malware researcher, spotted it in Magnitude. This is one of the most popular exploit kits that cybercriminals use in their attacks, and with it they have managed to install malware on users' computers when they visit compromised websites.
Cybercriminals have also posted malicious ads on legitimate websites, with the same effect. Users who visited these websites had viruses installed on their devices without their knowledge. This technique is known as malvertising, and if users don't have an efficient anti-virus program, they are victims for sure.
Cyberespionage groups care a lot about their kits. Exploit kit creators and operators, by contrast, use exploits for already patched vulnerabilities, because they know that users rarely update Flash Player and spend a lot of time on the internet, visiting various websites where they could get malware.
We don't know the real number of victims who installed malware in the two weeks while Adobe worked hard to patch the CVE-2016-4117 vulnerability. Kafeine has also reported that, at the beginning of April, he discovered another Flash zero-day (CVE-2016-1019), which hackers used to deliver Cerber and Locky ransomware.