It rarely takes long for a Zero Day to end up implanted in an exploit kit and, sure enough, a now-patched Adobe hole is staring in two attacks, researchers said.
The Zero Day affected all Flash versions 18.x through 126.96.36.199 and 19.x through 188.8.131.52 on Windows and OS X, and 11.x through 184.108.40.2065 on Linux.
When the Zero Day ended up patched Adobe said, “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
Trend Micro, which found the Zero Day said the vulnerability was attacking ministries of foreign affairs in various countries, by a hacking group with ties to the Russian government, known as Sednit or Operation Pawn Storm.
Now with the Zero Day’s details available online, other types of cyber-criminals didn’t wait too long to integrate it into their own tools, said researchers at Malwarebytes.
Malwarebytes, a security provider, detected versions of the Angler and Nuclear exploit kits actively using this bug, trying to compromise its clients’ PCs.