SOFTWARE PATCHER Adobe has issued yet another emergency security update for Adobe Flash Player, patching a critical vulnerability dubbed "Operation Greedywonk" that allows attackers to remotely take control of infected systems.
This time, the security patch addresses a vulnerability in Adobe Flash Player versions 18.104.22.168 and earlier for Windows and Mac and versions 22.214.171.1246 and earlier for Linux.
"Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions," the firm said.
The flaw apparently was discovered by security firm Fireeye, which collaborated with Adobe security on this issue. The firm said that it is part of a targeted attack campaign using a zero-day exploit against Flash Player.
"Visitors to at least three nonprofit institutions - two of which focus on matters of national security and public policy - were redirected to an exploit server hosting the zero-day exploit. We're dubbing this attack 'Operation GreedyWonk'," Fireeye said in a blog post.
"We believe Greedywonk may be related to a May 2012 campaign outlined by Shadowserver, based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties."
Fireye seemed to think that the group behind this campaign has sufficient resources, such as access to zero-day exploits, and determination to infect visitors to foreign and public policy websites.
"The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to [defence] and public policy matters," the firm added.
Affected Adobe software includes Adobe Flash Player 126.96.36.199 and earlier versions for Windows and Macintosh, Adobe Flash Player 188.8.131.526 and earlier versions for Linux, Adobe AIR 184.108.40.2060 and earlier versions for Android, Adobe AIR 220.127.116.110 SDK and earlier versions, and Adobe AIR 18.104.22.1680 SDK & Compiler and earlier versions.
To update to the latest version of Flash Player as recommended by Adobe, users should download it from the Adobe Flash Player Download Centre or via the update mechanism within the product when prompted.
It was only earlier this month that Adobe patched Flash player for a very similar bug that affected Adobe Flash Player versions 22.214.171.124 and earlier. µ
Sign up for INQbot – a weekly roundup of the best from the INQ