The most recent version of Adobe Flash player is 21.0.0.242, and it is currently vulnerable to active attacks on the net, with no patch available from Adobe until later this week at the earliest. This flaw was detected earlier in the month by Kaspersky Lab and is being exploited by a relatively new group that Kaspersky has named ScarCruft. They have started campaigns targeting data and companies that offer "high value" information.
Costin Raiu, the director of Kaspersky's research and analysis team wrote of the new group, saying:
ScarCruft is a relatively new APT group; victims have been observed in several countries, including Russia, Nepal, South Korea, China, India, Kuwait and Romania. The group has several ongoing operations utilizing multiple exploits—two for Adobe Flash and one for Microsoft Internet Explorer.
Until Adobe releases a patch, it might be prudent to hold off using Adobe Flash whenever possible. This type of exploit may hasten the death of flash, which cannot come too soon for many on the net.
You can read more on the story at Ars Technica.
