Adobe Patches Flash ZeroDay Used To Plant Surveillance Software

Second time in four weeks FINSPY lawful intercept tool and a zero-day found together.

Adobe
released a patch
for a critical, remote code execution zero-day vulnerability in Adobe Flash Player today. Kasperksy Lab discovered the vulnerability when it saw the BlackOasis threat group using the FINSPY (aka FinFisher) surveillance tool to exploit the bug in attacks last week, according to a
Reuters report
; Adobe acknowledged Kaspersky researcher Anton Ivanov in its advisory.
A type confusion vulnerability in Flash,
CVE-2017-11292
impacts Flash running on Windows, Macintosh, Linux and Chrome OS. The attacks witnessed in-the-wild were targeted and against Windows machines.
FINSPY can be bought by law enforcement and nation-state intelligence agencies as part of lawful intercept surveillance tools. Last month,
Microsoft patched a zero-day
vulnerability in Office, discovered by FireEye, that was also being used to spread FINSPY. It was the second zero-day being used to spread FINSPY that FireEye had discovered this year.
For more information see the
Adobe release
and
Reuters
.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity
agenda here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software