Flash exploit found in spate of new phishing attacks

By

Exploit carried via Microsoft Word attachments.

Adobe Systems has warned of a vulnerability in its Flash media player, used to attack users in a similar fashion to a threat that impacted security giant RSA last month.

Flash exploit found in spate of new phishing attacks

The zero-day vulnerability in Adobe Flash Player has been exploited by attackers to spread malware to specific email targets whose names are publicly available on the internet.

Attackers have reportedly crafted phishing emails specifically targeted at US government employees and former Government staff embedded within global consulting firms, infecting machines via Microsoft Word attachments carrying the Flash exploit.

Similar threats have previously been found embedded in Microsoft Excel files.

If deployed, the exploit allows the attacker to take control of the targeted computer.

According to malware analyst Mila Parkour, who helped Adobe identify the threat, the malware causes Windows 7 machines running Office 2007 to crash and open a clean Word file while it executes the exploit. The malware fails to execute in Office 2010, while in Windows XP it requires user interaction.

Adobe issued a security advisory overnight classifying the vulnerability as critical.

The advisory listed Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; version 10.2.154.25 and earlier for Chrome users; version 10.2.156.12 and earlier for Android; and the Authplay.dll component that ships with Adobe Reader and Acrobat X for Windows and Macintosh as affected.

A patch date has not been set.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?