Finspy, a spyware that was being sold to government agencies, has been found infecting targets using an Adobe Flash zero-day exploit through Microsoft Office documents that was started by BackOasis. Security researchers from Kaspersky Labs found the Adobe Flash zero-day exploit, tracked as CVE-2017-11292, is a vulnerability that can lead to code execution through Flash Player 21.0.0.226 for all major OS. It has been found that the FinSpy payload exploits the Flash Zero-day vulnerability.
https://thehackernews.com/2017/10/flash-player-zero-day.html
Donald Hoxhaj says
Richard – Your response raises attention to the most important and widely used enterprise and personal software i.e. Adobe Flash and Microsoft Office. Both these are widely used and in fact more than 55% of consumers worldwide use them for their everyday use. Most of these malwares are embedded in Office documents, which people do not realize and unknowingly open it. They manifest themselves and attach them to the computer systems, slowly extracting and learning data communications and critical information. It is time that we have secure systems to protect people from Flash malware.