Cyber criminals leverage iPhone 5 hype for Flash exploit

Malware writers and criminal groups are capitalising on the rampant speculation surrounding Apple's next iPhone to infect users, say experts.

Researchers with Symantec said that a recent rash of malware attacks have been spotted which use the lure of iPhone 5 news to convince users to run exploit code.

According to the company, the attacks are triggered by spam messages which claim to include new rumours and information about the new iPhone. Upon loading the attached Word file, a victim is then presented with an exploit which targets an ActiveX browser plug-in for the Adobe Flash platform.

On unpatched versions of Flash, the exploit is able to cause a crash and allow for the installation of a trojan which then drops its own malicious payload.

"The .doc files attached to the email contain hidden malicious .swf files," the researchers said.

"The .swf files then drop more files onto the compromised computer, which are then opened."

The flaw targeted in the attack, which is only vulnerable on Windows systems which are running the Internet Explorer browser, was patched by Adobe last week. Users can protect themselves from the attack by updating to the latest version of Flash.

While major news items and celebrities have long been a popular malware lure, the tide of speculation which has surrounded the development and release of the new iPhone could be particularly effective for criminals.

Though Apple has yet to provide any formal confirmation on the features and availability for the next iPhone, the company is widely believed to be planning to unveil the device on 12 September, with general release planned for late September or early October.