The Inquirer-Home

Adobe issues yet another emergency Flash Player patch for Windows, Mac and Linux

Targeted attack campaign uses a zero-day exploit
Fri Feb 21 2014, 11:16

SOFTWARE PATCHER Adobe has issued yet another emergency security update for Adobe Flash Player, patching a critical vulnerability dubbed "Operation Greedywonk" that allows attackers to remotely take control of infected systems.

This time, the security patch addresses a vulnerability in Adobe Flash Player versions and earlier for Windows and Mac and versions and earlier for Linux.

"Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions," the firm said.

The flaw apparently was discovered by security firm Fireeye, which collaborated with Adobe security on this issue. The firm said that it is part of a targeted attack campaign using a zero-day exploit against Flash Player.

"Visitors to at least three nonprofit institutions - two of which focus on matters of national security and public policy - were redirected to an exploit server hosting the zero-day exploit. We're dubbing this attack 'Operation GreedyWonk'," Fireeye said in a blog post.

"We believe Greedywonk may be related to a May 2012 campaign outlined by Shadowserver, based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties."

Fireye seemed to think that the group behind this campaign has sufficient resources, such as access to zero-day exploits, and determination to infect visitors to foreign and public policy websites.

"The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to [defence] and public policy matters," the firm added.

Affected Adobe software includes Adobe Flash Player and earlier versions for Windows and Macintosh, Adobe Flash Player and earlier versions for Linux, Adobe AIR and earlier versions for Android, Adobe AIR SDK and earlier versions, and Adobe AIR SDK & Compiler and earlier versions.

To update to the latest version of Flash Player as recommended by Adobe, users should download it from the Adobe Flash Player Download Centre or via the update mechanism within the product when prompted.

It was only earlier this month that Adobe patched Flash player for a very similar bug that affected Adobe Flash Player versions and earlier. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?