Flash Player zero-day exploit is being used in the wild by a cyberespionage group

Adobe Systems warned users Tuesday that an unpatched Flash Player vulnerability is currently being exploited in targeted attacks. The company expects to deliver a patch as soon as Thursday.

The exploit was discovered by researchers from antivirus vendor Kaspersky Lab in attacks attributed to a cyberespionage group known in the security industry as ScarCruft.

The group is relatively new, but is apparently quite resourceful, as this is possibly the second zero-day — previously unknown and unpatched — exploit that it used this year.

The other exploit targeted a critical remote code execution vulnerability in Microsoft XML Core Services that was tracked as CVE-2016-0147 and was patched by Microsoft in April.

To read this article in full or to leave a comment, please click here