Adobe releases another zero-day fix for Flash

For the second time this month, Adobe has addressed a zero-day vulnerability in its popular Flash Player.

On Thursday, the company released security updates that fix three bugs: a stack overflow vulnerability (CVE-2014-0498) that could allow arbitrary code execution; a memory leak flaw (CVE-2014-0499) that could be used to defeat memory address layout randomization; and a Flash zero-day vulnerability (CVE-2014-0502) that was actively exploited in the wild.

All of the vulnerabilities could potentially allow a saboteur to hijack impacted systems, the company warned.

A Thursday security bulletin from Adobe acknowledged that Google's security team and security firm FireEye disclosed the Flash zero-day to the company. That same day, researchers at FireEye took to a company blog to detail an attack campaign, dubbed “Operation GreedyWonk,” which leveraged the zero-day exploit to glean information from foreign policy and defense organizations.

According to FireEye, attackers compromised three websites for nonprofit institutions, so that visitors were redirected to an exploit server hosting the zero-day. From there, a remote access tool (RAT) was installed on victims' computers.

The impacted sites, so far, are those for the Peter G. Peterson Institute for International Economics, the American Research Center in Egypt, and the Smith Richardson Foundation, the blog post revealed.

FireEye said that the GreedyWonk campaign appeared to be related to May 2012 espionage attacks where hackers also booby-trapped websites and leveraged Adobe Flash and Java vulnerabilities to target victims.

“We believe GreedyWonk may be related to a May 2012 campaign outlined by ShadowServer, based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties,” FireEye's blog post said.

“The group behind this campaign appears to have sufficient resources (such as access to zero-day exploits) and a determination to infect visitors to foreign and public policy websites. The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defense and public policy matters,” the firm revealed.

Adobe's security updates are for Windows and Mac users running Flash Player 12.0.0.44 and earlier, and for Linux users running Flash Player 11.2.202.336 and earlier.
