Critical Adobe Flash bug under active attack currently has no patch

Adobe is working on a patch for a newly discovered vulnerability in Adobe Flash that is being actively exploited by hackers in targeted attacks. Ars Technica has the details:

The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company’s global research and analysis team. It’s being carried out by “ScarCruft,” the name Kaspersky has given to a relatively new hacking group engaged in “advanced persistent threat” campaigns that target companies and organizations for high-value information and data.

Details on how to mitigate the threat can be found on Symantec’s website.

Adobe has published minimal information on its website, and a fix may arrive as early as tomorrow (Thursday 16 June).

By which time you’ll hopefully also have had a chance to roll out the critical Patch Tuesday fixes Microsoft published yesterday.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.
