Adobe has rolled out an emergency patch for its Flash Player software to fix a vulnerability that has reportedly been exploited by a Chinese cyber-espionage group known as APT3.
According to security specialist FireEye, which says that the group is "one of the more sophisticated threat groups" that it's seen, APT3 has been using the exploit for several weeks, including in a "large-scale phishing campaign against organizations in the following industries: Aerospace and Defense, Construction and Engineering, High Tech, Telecommunications [and] Transportation".
Adobe has acknowledged the exploit and "reports that CVE-2015-3113 [the critical vulnerability] is being actively exploited in the wild via limited, targeted attacks". It also said that "systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets", but the security update it's now rolling out applies not just to Windows but also to Mac and Linux devices.
Adobe advises that users install the latest version of Flash Player without delay. On many systems, this update will be applied automatically, but if you've opted out of the 'allow Adobe to install updates' feature, you'll need to manually update to the newest version to ensure that your device is protected.