Researchers at Trend Micro have discovered a new zero-day vulnerability in the much-maligned Adobe Flash Player that leaves users vulnerable to remote attacks. The exploit code is being used by the politically motivated cyberespionage group Pawn Storm in a widespread spear phishing campaign targeted at various government entities. Adobe has yet to patch this vulnerability and will likely issue an emergency fix in the next couple of days. Here's what can be done in the interim to protect yourself.
Anatomy of the Exploit
Specially crafted emails containing false links to newsworthy articles are sent to targeted email accounts. Upon clicking a link, the victim unknowingly activates malicious code that in turn exploits local Flash Player installations, leading to compromised credentials and data theft.
Example subject lines and link titles in the malicious emails include:
“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
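A mail-triage check for the subject lines listed above, as an added example that is not code from Trend Micro, Adobe or UpGuard. It decodes RFC 2047 encoded subjects and ignores case, quoting and punctuation; the sample messages and the function names are constructed for illustration.

```python
import email
import re
import unicodedata
from email.header import Header, decode_header, make_header

# Subject lines and link titles listed in the article above.
KNOWN_LURES = [
    "Suicide car bomb targets NATO troop convoy Kabul",
    "Syrian troops make gains as Putin defends air strikes",
    "Israel launches airstrikes on targets in Gaza",
    "Russia warns of response to reported US nuke buildup in Turkey, Europe",
    "US military reports 75 US-trained rebels return Syria",
]


def normalize(text):
    """Fold case, Unicode forms, punctuation and whitespace for comparison."""
    text = unicodedata.normalize("NFKC", text)
    text = re.sub(r"[^\w\s]", " ", text)  # quotes, commas, hyphens, colons
    return " ".join(text.casefold().split())


_LURE_INDEX = {normalize(s): s for s in KNOWN_LURES}


def match_lure(raw_message):
    """Return the listed lure found in the Subject header, or None."""
    msg = email.message_from_bytes(raw_message)
    # Decode RFC 2047 encoded-words (=?utf-8?b?...?=) before comparing.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    padded = f" {normalize(subject)} "
    for key, original in _LURE_INDEX.items():
        if f" {key} " in padded:  # whole-word phrase match
            return original
    return None


# Constructed sample messages (not real captures).
_ENCODED = Header("\u201cIsrael launches airstrikes on targets in Gaza\u201d", "utf-8").encode()
SAMPLES = [
    b"From: a@example.com\nSubject: FWD: suicide car bomb targets NATO troop convoy  Kabul\n\nx\n",
    b"From: b@example.com\nSubject: " + _ENCODED.encode("ascii") + b"\n\nx\n",
    b"From: c@example.com\nSubject: Quarterly budget review\n\nx\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(match_lure(raw))
```

Phrase matching of this kind is a triage aid for mail already delivered; it only recognises the lures listed in the article.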
This Adobe Flash zero-day vulnerability affects at least Adobe Flash Player versions 126.96.36.199 and 188.8.131.52. In the absence of a patch from Adobe, it's highly recommended that the above versions of Flash be disabled—or better yet, uninstalled from your systems entirely. UpGuard can automatically scan your entire environment for vulnerable versions of Flash, notifying you if exploitable versions are detected on an ongoing basis.
Update - 10/16/2015: Adobe has since issued a patch for the vulnerability. Download it here.