Adobe yesterday issued an emergency update for Flash Player after a critical vulnerability in the software was actively exploited. The vulnerability was discovered by security researchers from Gigamon and 360 Core Security. Attackers exploited the vulnerability in an attack on a Russian hospital.
On the 29th of November a targeted attack was performed against “Polyclinic No.2” in Moscow, a Russian state healthcare clinic. The attackers sent phishing mails with documents attached written in Russian. According to SC Managzine, the documents appeared to be an employment application and questionnaire form. Also attached was a .RAR file which contained the Flash exploit.
When the victim activated the Flash file, the exploit allowed the attackers to activate code that gave them command line access to the system. From there they installed a backdoor that gave them full control over the system.
Adobe fixed the issue through an emergency patch for Flash Player 22.214.171.124 and earlier. Updating to Flash Player 126.96.36.199 in which the issue is patched, can be easily done through the automatic update feature on Adobe.com. Google Chrome, Internet Explorer 11 (on Windows 8.1 and Windows 10) and Edge users will have their embedded Flash Player automatically updated through the browser. Users can check on this page which version of Flash Player is currently installed on their system.