Serious Flash vulnerability fixed by Adobe within hours

Adobe has acknowledged a serious vulnerability in its Flash player plugin and has issued a fix to address the issue within hours of a report published by security software firm, FireEye.

According to FireEye, the zero-day exploit was used by attackers to target visitors of the websites of three nonprofit organizations; Peterson Institute for International Economics, American Research Center and Smith Richardson Foundation. The visitors to these websites were redirected to an exploit server using code-injection.

FireEye has identified the attack as codename GreedyWonk and believes that the perpetrators who allegedly speak Chinese, "have sufficient resources (such as access to zero-day exploits) and a determination to infect visitors to foreign and public policy websites." The attackers behind GreedyWonk are likely seeking sensitive government data similar to a recent report, as two out of the three websites deal with matters of national security and public policy.

The exploit is reported to affect users with Windows XP, Windows 7 running Java 1.6 and those running Microsoft Office 2007 or 2010 without the latest updates. Adobe has been quick to update Flash player with a fix for the reported exploit and has urged users to update the plugins in case they have disabled the automatic updates.

Source: V3 | Security image via Shutterstock

Report a problem with article
Previous Story

YouTube gets a redesign aimed at large screens, still not there yet

Next Story

Samsung drops a new teaser video for Galaxy S5 ahead of Monday's reveal

25 Comments - Add comment