Urging users to immediately patch their systems to prevent hacking attacks via web browsers, Adobe has today issued a warning that hackers are exploiting vulnerabilities in its Flash multimedia software platform, Reuters reports. The company has also released a security update to fix the bug, which affected Google’s Chrome, Microsoft’s Edge and Internet Explorer browsers.
The warning came after cyber security firm Kaspersky Lab Inc said a group it was tracking, BlackOasis, used the previously unknown weakness on Oct. 10 to plant malicious software on computers before connecting them back to servers in Switzerland, Bulgaria and the Netherlands.
Kaspersky said the malware, known as FinSpy or FinFisher, is a commercial product typically sold to nation states and law enforcement agencies to conduct surveillance.
The BlackOasis is found to primarily target Middle Eastern politicians and UN officials engaged in the region, as well as opposition bloggers and activists, and regional news correspondents. Majority of victims have been observed in Russia, Iraq, Afghanistan, the United Kingdom, Iran and elsewhere in Africa and the Middle East.
The late Apple CEO Steve Jobs used to heavily criticize Flash technology, whereas alternatives such as HTML5 and several web browsers now also require users to manually enable Flash before running it.
Earlier this year, Adobe announced that it would pull the plug on its Flash technology permanently by the end of 2020.