All the latest UK technology news, reviews and analysis


Adobe rushes emergency fix for critical Windows and Mac OS Flash flaw

05 Feb 2014
Adobe Systems logo

Adobe has released a patch for a critical flaw in its Flash Player, which is believed to have been actively exploited by hackers.

The patch addresses a flaw prevalent in the Windows and Mac OS versions of Adobe Flash Player 12.0.0.43 and earlier, and Adobe Flash Player 11.2.202.335 and earlier in Linux.

The vulnerability was originally discovered by Kaspersky Labs researchers on 3 February. The Kaspersky researchers warned that the vulnerability is being used by an advanced group of hackers to mount sophisticated attacks capable of bypassing most security tools.

"During the past months we have been busy analysing yet another sophisticated cyber espionage operation, which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation 'The Mask'," read the research note.

"The Mask is leveraging high-end exploits, an extremely sophisticated malware which includes a bootkit and rootkit, Mac and Linux versions and a customised attack against Kaspersky products. This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment."

Adobe confirmed it is aware of reports that attackers are using the vulnerability to target its customer base, and urged users to install the patch sooner rather than later.

"These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions," read the advisory.

F-Secure security analyst Sean Sullivan suggested the sophisticated nature of the campaign indicates that The Mask hackers are state sponsored, but warned that it is only a matter of time before criminals begin exploiting the Flash flaw.

"Currently, it is probably limited to high-end APT nation state stuff. But now that the patch is out crimeware kits will start moving to adopt and develop exploits for the vulnerability," he said.

State-sponsored hacking has been a growing issue for companies. The number of attacks and APT campaigns believed to be government sponsored has been gradually growing over the past few years.

Researchers from security firm CrowdStrike reported uncovering a campaign targeting numerous European energy companies, codenamed Energetic Bear, in January. The campaign is allegedly state sponsored.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
14%
3%
9%
4%
23%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Project Leader (change)

Project Leader (change) x2 My large corporate client...

Technical Service Delivery Manager - Urgent - Infrastructure

Technical Service Delivery Manager - Urgent - IT, Infrastructure...

Enterprise Architect

Seeking applications for a “ Enterprise Architect...

Business Analyst

We have a fantastic opportunity for a Business Analyst...
To send to more than one email address, simply separate each address with a comma.