Symantec offers some more details on the attack targeting a now-patched flaw in Adobe Flash Player. The attacks were continuing as of Aug. 21, targeting unpatched machines.
Attackers are targeting a patched bug in Adobe Flash Player spread
via malicious Microsoft Word documents.
The attacks are focused on CVE-2012-1535, a remote code
execution vulnerability that impacts Windows, Macs and Linux systems. Adobe
Systems patched the flaw Aug. 14 in a regular security update.
However, attackers are still on the lookout for unpatched computers.
If exploited, the bug can be used to enable an attacker to take control of the
compromised machine. According
, attackers have been targeting the flaw for the past couple of
weeks using malicious Word documents.
The Word files came in emails with a variety of subjects,
including some about the iPhone 5, seemingly business-related titles such as
"IT Notice" and an email about the effect of the Olympic games on
"The Word document contains a malicious SWF file
using the shellcode
within it," explained Symantec's Bhaskar Krishna. In an Aug. 21 blog. An "excerpt from the SWF ActionScript
indicates involvement of a font file that is used to trigger the vulnerability.
A large number of the attacks were sent out Aug. 13, the
researcher noted. As of Aug. 21 Symantec had blocked some 1,300 samples.
According to Adobe, the exploit targets the ActiveX version of Flash Player for
Internet Explorer on Windows.
"We would recommend that users keep their systems
up-to-date with the latest security
released by Adobe for this vulnerability," Krishna blogged.
On Aug. 21, Adobe issued a second massive patch update for
Flash Player, this time addressing six bugs affecting versions 11.3.300.271 and
earlier for Windows, Macintosh and Linux as well as Flash Player 184.108.40.206
and earlier versions for Android 4.x. Adobe Flash Player 220.127.116.11. Earlier versions
for Android 3.x and 2.x were also impacted.
Four of the vulnerabilities are memory corruption issues,
while the remaining two are an integer overflow bug and a cross-domain
information leak vulnerability. According to Adobe, the updates address issues
that could cause a crash and potentially allow an attacker to take control of
the affected system.