Adobe Systems Inc. today released an urgent update for Flash after the discovery of a serious security vulnerability that’s being used by a group against targets in Russia.

First detected by cybersecurity firm Gigamon, the vulnerability, dubbed CVE-2018-15982, allows for a maliciously crafted Flash object to execute code on a victim’s computer, enabling the attacker to gain command line access to the given system.

The attack using the vulnerability was first detected Nov. 29 and surprisingly was targeting a Russian state healthcare clinic. The distribution used a Russian language Microsoft Word document that was masquerading as an employment application. According to Gigamon, the document contains seven pages of personal questions that typically would be in an employment application.

As is usual with spear phishing campaigns, the Word document included malicious code, in this case, an embedded Flash Active X control in the header that renders upon document opening and causes exploitation of the Flash player within Office. “Following exploitation, a malicious command is executed that attempts to extract and execute an accompanying payload,” the Gigamon security researchers explained.

The origin of the attack is unknown, though it did occur only days after Russian warships seized Ukrainian vessels in the Kerch Strait. Gigamon noted that the final payload in the attack is a variant of the Scout malware from notorious Italian spyware vendor Hacking Team.

Although the vulnerability so far has been detected only in Russia, the urgency of Adobe’s release of the patch highlights how serious it potentially is.

In a security bulletin, Adobe said the vulnerability was present in Adobe Flash Player for Windows, macOS, Linux and Chrome OS and involved one critical vulnerability in Adobe Flash Player and another in Adobe Flash Player installer.

Modern browsers now mostly block Flash content from loading, but many computer users still have the software installed. This vulnerability is independent of browser usage, so it’s recommended that users make sure that their Flash installation is up to date, including this latest security patch.

Image: Thiemo Gillissen/Flickr