Adobe Flash Player users urged to disable software after it lets criminals infect computers

The software is being killed off in 2020, but for many that date can't come soon enough

Aatif Sulleyman
Tuesday 17 October 2017 10:56 BST
Comments
An Adobe logo and Adobe products are seen reflected on a monitor display and an iPad screen, in this picture illustration July 8, 2013
An Adobe logo and Adobe products are seen reflected on a monitor display and an iPad screen, in this picture illustration July 8, 2013 (REUTERS/Dado Ruvic)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A “critical” security issue in Adobe Flash Player is putting computer users at risk.

The vulnerability is being exploited by a group called BlackOasis, which is using Microsoft Office “lure documents” to attack people all over the world, including in the UK.

Adobe has acknowledged the issue and released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.

The problem, which was discovered by Kaspersky Labs’ Anton Ivanov, has once again put Flash in the spotlight.

The software is being killed off in 2020, but for many that date can’t come soon enough.

It has become less and less useful over the years, but is constantly being exploited by cyber criminals, who keep finding security holes that they can use to attack users.

This latest unwelcome incident has renewed calls for people to completely disable it.

“After installation, the malware establishes a foothold on the attacked computer and connects to its command and control servers located in Switzerland, Bulgaria and the Netherlands, to await further instructions and exfiltrate data,” explained Kaspersky Lab.

Adobe has described the issue as “a critical type confusion vulnerability”, which means cyber criminals could use it to infect victims with malware without them realising.

“Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows,” it said.

Kaspersky recommends disabling Flash Player, in order to stay protected.

“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities,” Anton Ivanov added.

“Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in