For the second time this month, Adobe has addressed a zero-day vulnerability in its popular Flash Player.
On Thursday, the company released the security updates which rectify three bugs: a stack overflow vulnerability (CVE-2014-0498) that could allow arbitrary code execution; a memory leak flaw (CVE-2014-0499) that could be used to defeat memory address layout randomization; and a Flash zero-day vulnerability (CVE-2014-0502) that was actively exploited in the wild.
All of the vulnerabilities could potentially allow a saboteur to hijack impacted systems, the company warned.
A Thursday security bulletin from Adobe acknowledged that Google’s security team and security firm FireEye disclosed the Flash zero-day to the company. That same day, researchers at FireEye took to a company blog to detail an attack campaign, dubbed “Operation GreedyWonk,” which leveraged the zero-day exploit to glean information from foreign policy and defense organizations.
According to FireEye, attackers compromised three websites for nonprofit institutions, so that visitors were redirected to an exploit server hosting the zero-day. From there, a remote access tool (RAT) was installed on victims’ computers.
The impacted sites, so far, are those for the Peter G. Peterson Institute for International Economics, the American Research Center in Egypt, and the Smith Richardson Foundation, the blog post revealed.
FireEye said that the GreedyWonk campaign appeared to be related to May 2012 espionage attacks where hackers also bobby trapped websites and leveraged Adobe Flash and Java vulnerabilities to target victims.
“We believe GreedyWonk may be related to a May 2012 campaign outlined by ShadowServer, based on consistencies in tradecraft (particularly with the websites chosen for this strategic Web compromise), attack infrastructure, and malware configuration properties,” FireEye’s blog post said.
“The group behind this campaign appears to have sufficient resources (such as access to zero-day exploits) and a determination to infect visitors to foreign and public policy websites. The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defense and public policy matters,” the firm revealed.
Adobe’s security updates are for Windows and Mac users running Flash Player 18.104.22.168 and earlier, and for Linux users running Flash Player 22.214.171.1246 and earlier.