Flash 0-day exploited in watering hole attacks, Adobe provides patch

Adobe has pushed out new versions of Flash Player for Windows, Mac and Linux, as a newly discovered zero-day vulnerability affecting the software is being actively exploited in the wild.

In the security bulletin the company published to warn users and urge them to update, Kaspersky Lab researcher Alexander Polyakov has been credited with discovering the attacks. Almost simultaneously the Russian security company published a blog post detailing them.

The researchers discovered two separate SWF exploits that took advantage of the vulnerability, which is located in the Pixel Bender component, designed for video and image processing.

The exploits are packed into two .swf files, and both positioned in a innocuous-looking folder on a compromised site.

“The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online forum for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government,” shared Kaspersky Lab expert Vyacheslav Zakorzhevsky.

The victims were probably redirected to the exploits using a frame or a script located at the site and, according to the company’s products’ detections, seven unique users located in Syria have been affected.

“It’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it,” says Zakorzhevsky. The exploits are well-written, and the fact a vulnerability in the not longer supported Pixel Bender component was targeted seems to imply that they were eager for the exploit not to be noticed for a long time.

“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in may be used to download/implement the payload as well as to spy directly on the infected computer,” Zakorzhevsky notes.

This is good news for other users, but not for long.

“Although we’ve only seen a limited number attempts to exploit this vulnerability, we’re strongly recommending users to update their versions of Adobe Flash Player software. It is possible that once information about this vulnerability becomes known, criminals would try to reproduce these new exploits or somehow get the existing variants and use it in other attacks,” he warned.

“Even with a patch available, cybercriminals would expect to profit from this vulnerability because a worldwide update of software as widely used as Flash Player will take some time. Unfortunately this vulnerability will be dangerous for a while.”

Only Windows users are currently in danger, but Adobe advises all to update to the latest versions.

Don't miss