Adobe announced today that it will release an emergency patch on Thursday, June 16, to fix a zero-day in Flash Player that is being exploited in the wild.
According to Anton Ivanov and Costin Raiu of Kaspersky, the vulnerability was used in targeted attacks.
The term "targeted attacks" describes attacks in which the threat group aims its malicious code at only a limited set of individuals. Such exploits are usually found in the arsenal of private or state-sponsored cyber-espionage groups.
Zero-day used for cyber-espionage by new ScarCruft APT
The vulnerability ID assigned to this zero-day is CVE-2016-4171, and Adobe says it affects Flash Player 21.0.0.242 and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS. Flash Player 21.0.0.242 is the company's most recent version, so this means the zero-day affects all Flash installations.
An attacker can use CVE-2016-4171 to crash a Flash Player installation in an unsafe way that then allows the attacker to run malicious code on the user's system and take over the machine.