Adobe Flash zero-day vulnerability surfaces one day after security updates
Yesterday Adobe rolled out its monthly security patches, something all users should pay attention to given past history. Flash, Reader and Acrobat all received fixes, presumably remedying the current batch of problems plaguing the software. The problem is, nothing ever seems fixed in the world of Adobe.
To that end, a zero-day exploit has already been discovered by the folks at security firm Trend Micro. Yes, that didn't take long and Adobe didn't fix this one.
"Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years", Trend explains.
The latest targets were foreign affairs agencies which received email purporting to be news reports -- "Suicide car bomb targets NATO troop convoy Kabul" and the like. The web sites hosting the links are similar to those responsible for earlier attacks on NATO and the White House.
Trend Micro points out that "Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries".
The security firm has notified Adobe of the problem, but so far no fix has been announced. The best way to alleviate the problem is by uninstalling Flash from your computer -- you need it increasingly less these days.