Slashdot Mirror


Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net)

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.

8 of 50 comments

  1. What?!!! by Anonymous Coward · · Score: 4, Funny

    Those Russian basta... Oh, um, well, thank you for pointing out this vulnerability.

  2. Re:Russian Ploy by infolation · · Score: 2

    Isn't 'flash' itself an infection? And I am wondering whether it has any purpose now, in 2017.

  3. And vSphere administrators everywhere.... by tk77 · · Score: 4, Insightful

    all cried out in frustration when the vCenter web client stopped working today due to Flash suddenly crashing due to an automatic update.... and then further frustrated by the fact they'd have to manually drop back to the vulnerable 27.0.0.159 to actually administer their servers.

    Screw you Adobe. And screw you VMware for still only having a partially implemented HTML5 interface.

    1. Re: And vSphere administrators everywhere.... by tk77 · · Score: 2

      They do have a "partially implemented" HTML5 console, but it doesn't currently support all of the features of the main web console, which unfortunately still requires Flash.

  4. Re:this old thing? by alvinrod · · Score: 2

    It's not that hard to believe to start with, and after all of the information that came out about Russia's Olympic team and the government essentially controlling their anti-doping program so that it became a pro-doping program, it doesn't seem unlikely at all that the government has its fingers in places where it shouldn't and doesn't wish them seen.

    I don't know whether the Russian government is heavily involved with the company and has them doing anything that can't be admitted publicly, and it's entirely possible that they don't. However, if we're taking bets, my money wouldn't be anywhere near 0% probability of the Russian government having no non-public involvement with Kaspersky.

  5. Re:So the question is ... by WoodstockJeff · · Score: 2

    > Why go public now?

    Because Flash hasn't had a critical vulnerability reported in almost a week, so it was overdue.

  6. Shocking! by PPH · · Score: 2

    To see that people are still using Flash.

    --
    Have gnu, will travel.

  7. Uninstall Flash. by Gravis+Zero · · Score: 3, Insightful

    If you still have a Flash plugin installed then now is the proper time to uninstall it.

    --
    Anons need not reply. Questions end with a question mark.