Flash Zero-Day Exploit Spotted – Patch Now!

If you’re among the holdouts still running Flash, you have some more updating homework to do. Adobe has issued an out-of-band patch after researchers spotted a Flash zero-day flaw being exploited in the wild.

The discovery was made by Qihoo 360 which on 29 November noticed a targeted APT (Advanced Persistent Threat) attack against a healthcare clinic used by Russian Government officials.

Codenamed “Operation Poison Needles” by Qihoo in honour of its medical theme, the attack uses a Word document mocked up to look like a job application questionnaire embedding a Flash Active X control.