The Inquirer-Home

Adobe issues yet another emergency Flash Player patch for Windows, Mac and Linux

Targeted attack campaign uses a zero-day exploit
Fri Feb 21 2014, 11:16

SOFTWARE PATCHER Adobe has issued yet another emergency security update for Adobe Flash Player, patching a critical vulnerability that allows attackers to remotely take control of affected systems and that was exploited in an attack campaign dubbed "Operation Greedywonk".

This time, the security patch addresses a vulnerability in Adobe Flash Player versions 12.0.0.44 and earlier for Windows and Mac and versions 11.2.202.336 and earlier for Linux.

"Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions," the firm said.

The flaw apparently was discovered by security firm Fireeye, which collaborated with Adobe security on this issue. Fireeye said that the flaw is part of a targeted attack campaign using a zero-day exploit against Flash Player.

"Visitors to at least three nonprofit institutions - two of which focus on matters of national security and public policy - were redirected to an exploit server hosting the zero-day exploit. We're dubbing this attack 'Operation GreedyWonk'," Fireeye said in a blog post.

"We believe Greedywonk may be related to a May 2012 campaign outlined by Shadowserver, based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties."

Fireeye seemed to think that the group behind this campaign has sufficient resources, such as access to zero-day exploits, and the determination to infect visitors to foreign and public policy websites.

"The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to [defence] and public policy matters," the firm added.

Affected Adobe software includes Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.336 and earlier versions for Linux, Adobe AIR 4.0.0.1390 and earlier versions for Android, Adobe AIR 3.9.0.1390 SDK and earlier versions, and Adobe AIR 3.9.0.1390 SDK & Compiler and earlier versions.

To update to the latest version of Flash Player as recommended by Adobe, users should download it from the Adobe Flash Player Download Centre or via the update mechanism within the product when prompted.

It was only earlier this month that Adobe patched Flash Player for a very similar bug that affected Adobe Flash Player versions 12.0.0.43 and earlier. µ

 
