Adobe confirms critical Flash zero-day bug

Second flaw in four weeks exploited using Word attachments

By , Computerworld |  Security, Adobe, Adobe Flash

For the second time in the last four weeks, Adobe has told users that hackers are exploiting an unpatched bug in Flash Player, again by embedding malicious code inside a Microsoft Office document.

In a security advisory issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment.

Adobe did not spell out a patch timeline for the newest Flash zero-day.

Four weeks ago, Adobe issued a similar warning about a different flaw that hackers manipulated via attack code tucked inside Excel spreadsheet attachments.

Later, RSA Security confirmed that the March vulnerability had been used by cybercriminals to gain a foothold on its corporate network, then steal information related to the company's SecurID two-factor authentication products.

Adobe patched last month's Flash bug on March 21.

Mila Parkour, the independent security researcher who reported the newest Flash flaw to Adobe, said attackers have inserted a malicious Flash Player file into a Word document named "Disentangling Industrial Policy and Competition Policy," which is then sent to targeted recipients as an attachment.

The email message's subject heading is "Disentangling Industrial Policy and Competition Policy in China," Parkour said in an April 6 entry on her Contagio Malware Dump blog.

One message that Parkour cited claimed the attached Word document was a copy of the American Bar Association's Antitrust Source newsletter , hinting that the target recipients may have been the legal departments at corporations or government agencies.

People seeing the email and attachment could be expected to fall for the ruse, since the most recent issue of Antitrust Source does contain an article by the same name. The legitimate article is available on the newsletter's Web site ( download PDF document ).


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question