Sunday, October 13, 2013

Adobe Patches Flash; Windows, Mac Users Under Attack

Adobe patched 2 critical security flaws in Flash Player, both of which were under active attack. If you do not have automatic updates enabled, you have to download the newest version and install it immediately.

The company is aware of attacks in the wild targeting Flash versions for Windows and Mac OS X, Adobe said in its emergency security advisory released Feb. 7. Users on these operating systems running Flash Player 11.5.502.146 and earlier should update to the newest Adobe Flash Player 11.5.502.149 when possible, Adobe said in its advisory. Adobe also released updated Flash Player versions for Linux and Android, but these 2 platforms are not currently under attack. Google can automatically update the Flash Player integrated within Chrome, and Microsoft can do the same for Internet Explorer 10. Users can check here to find out which Flash version they have installed and whether they need to update.

"These updates address vulnerabilities that can lead to an accident and potentially enable an attacker to bring management from the affected system," Adobe said in the advisory.

Bugs Under Attack
Attackers exploited CVE-2013-0633 via a booby-trapped Microsoft Word document containing malicious Flash code, attached to an email. This exploit targeted the ActiveX version of Flash Player on Windows, according to Adobe. A successful compromise could result in the attacker being able to remotely execute code and take full control, Adobe warned.

The other vulnerability, CVE-2013-0634, targeted Safari and Firefox on Mac OS X. Users who landed on a website hosting malicious Flash content triggered a drive-by-download attack. A drive-by-download is a type of attack that executes automatically without the user having to do anything. This vulnerability is also being used against Windows users via malicious Word documents. This bug, if exploited successfully, could also give the attacker full control of the computer.

A drive-by-download is dangerous because "the actual usual user interaction, warnings and safeguards in your software are bypassed in order that merely reading a web page or viewing a document might result within the surreptitious background install," Paul Ducklin, of Sophos, wrote on the Naked Security blog.
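For triage of Word attachments like the ones described above, a mail gateway or analyst script can scan the raw file for embedded SWF headers and confirm them against their declared length. This is an added example, not code from Adobe, FireEye or the original article; the function names and the sample bytes are constructed for illustration, and it detects only the presence of a Flash object, not either CVE.

```python
import struct
import zlib

# SWF container signatures: plain, zlib-compressed, LZMA-compressed.
SWF_MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_OUT = 64 * 1024 * 1024  # bound on decompressed bytes per candidate

def _verify(blob, pos, kind, declared):
    """Check the body against the declared length to weed out chance 3-byte matches."""
    body = blob[pos + 8:]
    if kind == "uncompressed":
        return len(body) >= declared - 8
    if kind == "zlib":
        try:
            d = zlib.decompressobj()
            out = d.decompress(body, min(declared, MAX_OUT))  # bounded output
            return d.eof and len(out) == declared - 8
        except zlib.error:
            return False
    return None  # LZMA body is not checked here

def find_embedded_swf(blob, max_version=64):
    """Return one dict per plausible SWF header found anywhere in blob."""
    hits = []
    for magic, kind in SWF_MAGICS.items():
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                declared = struct.unpack("<I", header[4:8])[0]  # uncompressed size
                if 1 <= version <= max_version and declared > 8:
                    hits.append({"offset": pos, "kind": kind, "version": version,
                                 "declared_len": declared,
                                 "verified": _verify(blob, pos, kind, declared)})
            pos = blob.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def build_sample():
    """Constructed input: OLE2 magic, padding, one CWS stream, a truncated 'FWS'."""
    body = b"\x00" * 64  # placeholder body, not a real movie
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + swf + b"\x00" * 32 + b"FWS"

if __name__ == "__main__":
    for hit in find_embedded_swf(build_sample()):
        print(hit)
```

A verified hit in a document that has no business carrying Flash is a reason to quarantine it for analysis; an unverified hit is usually a coincidental byte match.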

Targeted Attacks Against Who?
There are not a great deal of details about the attacks themselves, but Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE for reporting the Mac vulnerability. Kaspersky Lab researchers are credited with finding the Windows bug. It's possible that Lockheed Martin and MITRE were named because they found the malicious Word documents in a targeted attack against their systems. Such attacks are common in the defense, aerospace, and other industries, and Lockheed Martin has seen similar attacks in the past.

Researchers with FireEye Malware Intelligence Lab have analyzed the Word documents designed to target Windows systems and identified an action script named "LadyBoyle" inside the Flash code. The LadyBoyle script drops multiple executable files and a DLL library file onto Windows machines with the ActiveX component installed, Thoufique Haq, a FireEye researcher, wrote on the lab's blog. While the attack files were compiled as recently as Feb. 4, the malware family isn't new and has been observed in previous attacks, Haq said.

"It is fascinating to note which albeit the actual contents of Word files are actually in English, the actual codepage of Word files are 'Windows Simplified Chinese (PRC, Singapore)'," Haq wrote.

One of the dropped executable files also has an invalid digital certificate from MGame, a Korean gaming company. Like several other kinds of active malware, this variant checks whether antivirus tools from Kaspersky Lab or ClamAV are running on the system, according to FireEye.
