Another day, another Flash vulnerability. A team of researchers at security company FireEye has discovered that a security flaw in Adobe Flash is being actively exploited as part of a large-scale e-mail phishing campaign.
The vulnerability in question is CVE-2015-3113, and it can allow an attacker to remotely execute arbitrary code. All major operating systems are vulnerable. Adobe has already issued a patch, which you should go and apply if you haven't already.
At least one group, which FireEye calls APT3, is actively exploiting this vulnerability. The group is sending out phishing emails with links pointing to compromised servers, which then prompt the user to download booby-trapped SWF and FLV files. FireEye claims that APT3 operates in a structured fashion with command-and-control centers, and goes after high-profile targets in industries such as aerospace, defense, and high-tech.