Adobe scrambles to patch "critical" Flash zero-day flaw under attack

The flaw is currently being exploited by hackers to launch "targeted" attacks.
Written by Zack Whittaker, Contributor

Adobe will take two days to push a critical patch for Flash, which hackers are currently using to launch attacks.

The company said in a security advisory on Tuesday that it was "aware" of a report of an exploit in the wild, which the company said hackers could use for "limited, targeted attacks." Successful exploitation of the flaw could let an attacker gain full access to the affected system, it read.

A patch is expected to land Thursday, leaving millions of machines vulnerable in the meantime.

Kaspersky Lab, which was credited with finding the flaw, said in a blog post that it believes an advanced persistent threat (APT), a group dubbed ScarCruft, is behind the attacks.

In the blog post, the researchers say the group has observed attacks in several countries, including Russia, Nepal, South Korea, China, India, Kuwait, and Romania. "The group has several ongoing operations utilizing multiple exploits -- two for Adobe Flash and one for Microsoft Internet Explorer," they said.

The security researchers confirmed that Microsoft's EMET, an anti-hack toolkit for Windows, mitigates the flaw.

In the meantime, if you haven't already, you can disable Flash in just a few clicks.
