February 21, 2014 weblog
Adobe Flash Player updates confront zero-day exploit
Adobe's security updates included those for Adobe Flash Player 188.8.131.52 and earlier versions for Windows and Macintosh and Adobe Flash Player 184.108.40.2066 and earlier versions for Linux. Adobe said that users of Adobe Flash Player 220.127.116.11 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.104.22.168. Users of Adobe Flash Player 22.214.171.1246 and earlier versions for Linux should update to Adobe Flash Player 126.96.36.1991. Adobe Flash Player 188.8.131.52 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 184.108.40.206 for Windows, Macintosh and Linux.
The announcement also provided guidelines for those using Adobe Flash Player 220.127.116.11 installed with Internet Explorer 10 and Internet Explorer 11. Users of Adobe AIR 18.104.22.1680 and earlier versions for Android were told to update to Adobe AIR 22.214.171.1248.
Adobe further explained how users can verify which version of Adobe Flash Player is installed on the user's system and instructions for updating software installations.
The FireEye team that spotted the exploit, meanwhile, offered some observation in a Thursday blogpost about the attack and the attackers. The attack targets were even evident in the headline, "Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit." Commenting further, the team said, "As of this blog post, visitors to at least three nonprofit institutions—two of which focus on matters of national security and public policy—were redirected to an exploit server hosting the zero-day exploit. We're dubbing this attack 'Operation GreedyWonk.'" "They said they believe that GreedyWonk may be related to a May 2012 campaign, "based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties."-They said the group behind this campaign appeared to have sufficient resources, such as access to zero-day exploits, and "a determination to infect visitors to foreign and public policy websites."
Meanwhile, Microsoft wasted no time to issue a security advisory on Wednesday, regarding a vulnerability in Internet Explorer that could allow remote code execution. "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability."
helpx.adobe.com/security/produ … layer/apsb14-07.html
© 2014 Phys.org