Two exploited 0-day Flash flaws patched in emergency Adobe update

08 February 2013

In recent months Adobe has attempted to align a monthly patch schedule with Microsoft’s Patch Tuesday – but it doesn’t work for out-of-band emergency fixes. Yesterday Adobe patched two actively exploited zero-day vulnerabilities in Flash.

The two vulnerabilities are CVE-2013-0633 and CVE-2013-0634. The former, warns Adobe, is being used by attackers within “a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.” The latter is being exploited similarly, but also “in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform.”

Both vulnerabilities are clearly being exploited in targeted attacks. In its acknowledgements for reporting the flaws, Adobe credits Kaspersky Lab for the former, and ShadowServer, MITRE and Lockheed Martin for the latter. The Lockheed Martin association is raising eyebrows. “This combination of reporters suggests that the attacks were targeted industrial espionage,” comments Heise Online.

Separately, FireEye has examined the former of the two exploits. “We have identified two unique Word files containing CVE-2013-0633 so far,” it blogged yesterday. “It is interesting to note that even though the contents of Word files are in English, the codepage of Word files are "Windows Simplified Chinese (PRC, Singapore)". The Word files contain a macro to load an embedded SWF flash object.”

It is also worth noting that the modus operandi of these exploits is a typical APT gambit. Last year Trend Micro revealed that more than 90% of successful APT attacks start with spear-phishing via an email containing a malicious attachment. It is probably this combination of defense contractor, China (or at least ‘Chinese’) and APT that has persuaded Adobe to release this emergency patch.

The primary targets are Windows and Mac, but Adobe has also patched Linux and Android. Because of the active, 0-day nature of the attacks, it would be advisable for all users to update Flash as soon as possible – even if they are not defense contractors. The latest, patched versions can be found here.
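For mail-gateway or incident-response triage of the delivery method described above (Office attachments carrying embedded SWF content), the following is an added example, not code from Adobe, FireEye or this article: it looks for SWF file signatures in an attachment's raw bytes and inside the members of ZIP-based (OOXML) documents. The function names, the version bound and the sample bytes are assumptions made for illustration; a byte scan will miss objects stored in fragmented OLE streams or wrapped in further encoding.

```python
import io
import struct
import zipfile
import zlib

SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA


def _body_ok(magic, body, declared):
    """Cheap confirmation that cuts false positives from 3-byte matches."""
    if magic == b"FWS":
        return declared - 8 <= len(body)
    if magic == b"CWS":
        try:
            return len(zlib.decompressobj().decompress(body, 4096)) > 0
        except zlib.error:
            return False
    return True  # ZWS: header plausibility only


def _scan(blob, origin):
    # SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
    for magic in SWF_MAGIC:
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version, declared = header[3], struct.unpack("<I", header[4:])[0]
                # Version range 1..60 is a heuristic bound chosen for this example.
                if 1 <= version <= 60 and declared > 8 and _body_ok(magic, blob[pos + 8:], declared):
                    yield (origin, pos, magic.decode(), version)
            pos = blob.find(magic, pos + 1)


def find_embedded_swf(data, name="attachment"):
    """Scan raw bytes, plus every member when the file is a ZIP (OOXML)."""
    hits = list(_scan(data, name))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hits.extend(_scan(zf.read(member), f"{name}!{member}"))
    return hits


def constructed_sample():
    """Constructed test input: fake container bytes around a zlib-wrapped blob."""
    body = bytes(32)  # placeholder, not a real movie
    swf = b"CWS" + bytes([11]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return b"\xd0\xcf\x11\xe0" + b"A" * 100 + swf + b"B" * 20
```

Each hit is a tuple of (origin, byte offset, signature, SWF version); a hit is a reason to quarantine and inspect the attachment, not proof of exploitation.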
