Adobe patches actively exploited vulnerability in Flash Player

The vulnerability was used in attacks against users in Syria, but will likely see wider exploitation, Kaspersky Lab researchers said

Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It's not clear who was behind the attack, but the site had been compromised in the past by hackers.

"We received a sample of the first exploit on April 14, while a sample of the second came on April 16," Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab said in a blog post Monday. "The first exploit was initially recorded by KSN [the Kaspersky Security Network] on April 9, when it was detected by a general heuristic signature."

While the two exploits leveraged the same, previously unknown, vulnerability in Flash Player they targeted users in different ways. One exploit could have been used to infect any computer with Flash Player installed, but the second specifically required Adobe Flash Player 10 ActiveX and the Cisco MeetingPlace Express Add-In to be installed on the targeted systems.

The Cisco Unified MeetingPlace Express is a Web collaboration and video conferencing product developed by Cisco Systems and the Kaspersky researchers believe the exploit authors were trying to use it to spy on their targets.

It's not known what kind of malware the exploits delivered because the payload files that they were designed to download and execute on the victim computers had been removed from the remote server where they were hosted by the time the attacks were discovered.

Given the nature of the site used to host the exploits and the fact that all identified victims -- seven unique users -- were based in Syria, "we believe the attack was designed to target Syrian dissidents complaining about the government," Zakorzhevsky said.

The vulnerability was fixed Monday in the newly released Flash Player 13.0.0.206 for Windows and Mac and Flash Player 11.2.202.356 for Linux. The Flash Player versions bundled with Google Chrome, Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1, will get the fix automatically through the respective update mechanisms of those browsers.

"Although we've only seen a limited number attempts to exploit this vulnerability, we're strongly recommending users to update their versions of Adobe Flash Player software," Zakorzhevsky said via email. "It is possible that once information about this vulnerability becomes known, criminals will try to reproduce these new exploits or somehow get the existing variants and use them in other attacks."

It's likely that cybercriminals will try to profit from this vulnerability even with a patch available, because it will take some time for all users to update their Flash Player installations, Zakorzhevsky said. "Unfortunately this vulnerability will be dangerous for a while."

News of this Flash Player zero-day exploit comes after Saturday Microsoft warned customers about attacks exploiting a previously unknown vulnerability in Internet Explorer.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags patchesonline safetyMicrosoftsecurityAdobe SystemsExploits / vulnerabilitiesspywaremalwareintrusionCisco Systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?