The active zero-day exploit works against the most recent Flash version 126.96.36.199 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company's global research and analysis team. It's being carried out by "ScarCruft," the name Kaspersky has given to a relatively new hacking group engaged in "advanced persistent threat" campaigns that target companies and organizations for high-value information and data.
A few months ago, we deployed a new set of technologies into our products designed to identify and block zero-day attacks. These technologies already proved their effectiveness earlier this year, when they caught an Adobe Flash zero-day exploit, CVE-2016-1010. Earlier this month, we caught another zero-day Adobe Flash Player exploit deployed in targeted attacks.
We believe these attacks are launched by an APT Group we call “ScarCruft”.
Adobe Security Advisory
Security Advisory for Adobe Flash Player
Release date: June 14, 2016
Vulnerability identifier: APSA16-03
CVE number: CVE-2016-4171
Platforms: Windows, Macintosh, Linux and Chrome OS
A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 188.8.131.52 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.
Adobe categorizes this as a critical vulnerability.
Adobe would like to thank Anton Ivanov and Costin Raiu of Kaspersky Lab for reporting CVE-2016-4171 and for working with Adobe to help protect our customers.