Cybercriminals adopt recently patched zero-day exploit in a flash
Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.
On Saturday, a malware researcher known online as Kafeine spotted a drive-by download attack done with the Magnitude exploit kit that was exploiting a Flash Player vulnerability patched Tuesday.
The flaw, tracked as CVE-2015-3113 in the Common Vulnerabilities and Exposures database, had zero-day status—that is, it was previously unpatched—when Adobe released a patch for it. It had already been exploited by a China-based cyberespionage group for several weeks in targeted attacks against organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.