Menu
Adobe patches actively exploited vulnerability in Flash Player

Adobe patches actively exploited vulnerability in Flash Player

The vulnerability was used in attacks against users in Syria, but will likely see wider exploitation, Kaspersky Lab researchers said

Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It's not clear who was behind the attack, but the site had been compromised in the past by hackers.

"We received a sample of the first exploit on April 14, while a sample of the second came on April 16," Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab said in a blog post Monday. "The first exploit was initially recorded by KSN [the Kaspersky Security Network] on April 9, when it was detected by a general heuristic signature."

While the two exploits leveraged the same, previously unknown, vulnerability in Flash Player they targeted users in different ways. One exploit could have been used to infect any computer with Flash Player installed, but the second specifically required Adobe Flash Player 10 ActiveX and the Cisco MeetingPlace Express Add-In to be installed on the targeted systems.

The Cisco Unified MeetingPlace Express is a Web collaboration and video conferencing product developed by Cisco Systems and the Kaspersky researchers believe the exploit authors were trying to use it to spy on their targets.

It's not known what kind of malware the exploits delivered because the payload files that they were designed to download and execute on the victim computers had been removed from the remote server where they were hosted by the time the attacks were discovered.

Given the nature of the site used to host the exploits and the fact that all identified victims -- seven unique users -- were based in Syria, "we believe the attack was designed to target Syrian dissidents complaining about the government," Zakorzhevsky said.

The vulnerability was fixed Monday in the newly released Flash Player 13.0.0.206 for Windows and Mac and Flash Player 11.2.202.356 for Linux. The Flash Player versions bundled with Google Chrome, Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1, will get the fix automatically through the respective update mechanisms of those browsers.

"Although we've only seen a limited number attempts to exploit this vulnerability, we're strongly recommending users to update their versions of Adobe Flash Player software," Zakorzhevsky said via email. "It is possible that once information about this vulnerability becomes known, criminals will try to reproduce these new exploits or somehow get the existing variants and use them in other attacks."

It's likely that cybercriminals will try to profit from this vulnerability even with a patch available, because it will take some time for all users to update their Flash Player installations, Zakorzhevsky said. "Unfortunately this vulnerability will be dangerous for a while."

News of this Flash Player zero-day exploit comes after Saturday Microsoft warned customers about attacks exploiting a previously unknown vulnerability in Internet Explorer.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityMicrosoftmalwarespywareonline safetyintrusionCisco SystemspatchesAdobe SystemsExploits / vulnerabilities

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments