Another critical vulnerability in Flash. There is no end to it. The active zero-day exploit works against the most recent Flash version 18.104.22.168 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company's global research and analysis team. It's being carried out by "ScarCruft," the name Kaspersky has given to a relatively new hacking group engaged in "advanced persistent threat" campaigns that target companies and organizations for high-value information and data. Source: ArsTechnica A few of months ago, we deployed a new set of technologies into our products designed to identify and block zero day attacks. These technologies already proved its effectiveness earlier this year, when they caught an Adobe Flash zero day exploit, CVE-2016-1010. Earlier this month, we caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT Group we call “ScarCruft”. Source: SecureList Adobe Security Advisory Security Advisory for Adobe Flash Player Release date: June 14, 2016 Vulnerability identifier: APSA16-03 CVE number: CVE-2016-4171 Platforms: Windows, Macintosh, Linux and Chrome OS Summary A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog. Severity ratings Adobe categorizes this as a critical vulnerability. Acknowledgments Adobe would like to thank Anton Ivanov and Costin Raiu of Kaspersky Lab for reporting CVE-2016-4171 and for working with Adobe to help protect our customers.