Flash flashes again, it’s an ugly sight

Adobe has announced a new critical security vulnerability (CVE-2015-7645) and it looks ugly. A “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system” and, as per the report, this time an exploit has already been used in “limited, targeted attacks”.

The vulnerability affects Linux, Windows and Mac, and Adobe expects to publish a patch by Oct 19, 2015. However, Adobe’s love for Linux is widely known and there is no information on whether a patch will be available for Linux. As you might be aware, Adobe discontinued active development and support for Linux some time ago.

The following versions are affected:

  • Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
  • Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux
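
To check an inventory against these three ranges, the sketch below compares four-part version numbers per branch. It is an added example, not code from Adobe or from this post; the host names and the `audit` helper are constructed for illustration, and it assumes the 18.x Extended Support Release bound applies on every platform.

```python
import re

# Inclusive upper bounds copied from the affected-versions list above.
MAINLINE_MAX = (19, 0, 0, 207)   # Windows and Macintosh
ESR_MAX = (18, 0, 0, 252)        # Extended Support Release, 18.x (assumed: any platform)
LINUX_MAX = (11, 2, 202, 535)    # Linux, 11.x


def parse_version(text):
    """Turn 'a.b.c.d' (dots or commas tolerated) into a 4-tuple of ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(platform, version_text):
    """True if the build falls in a range listed above.

    False only means "not in the listed ranges"; it does not prove the
    build is patched.
    """
    version = parse_version(version_text)
    platform = platform.lower()
    if version[0] == 18:                       # ESR branch has its own bound
        return version <= ESR_MAX
    if platform == "linux":                    # only 11.x is listed for Linux
        return version[0] == 11 and version <= LINUX_MAX
    if platform in ("windows", "macintosh"):
        return version <= MAINLINE_MAX
    raise ValueError(f"platform not covered by the advisory: {platform!r}")


def audit(inventory):
    """Return the host names whose Flash build is in a listed range."""
    return [host for host, platform, version in inventory
            if is_affected(platform, version)]


# Constructed sample inventory: (host, platform, installed Flash version).
SAMPLE_INVENTORY = [
    ("desk-01", "windows", "19.0.0.207"),
    ("desk-02", "windows", "19.0.0.208"),
    ("mac-01", "macintosh", "18.0.0.252"),
    ("lab-01", "linux", "11.2.202.535"),
    ("lab-02", "linux", "11.2.202.536"),
]

if __name__ == "__main__":
    print("Hosts in an affected range:", audit(SAMPLE_INVENTORY))
```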

The firm that exposed the vulnerability, Trend Micro, gave more details on the vulnerability and how it has been used in Operation Pawn Storm. In this attack, phishing emails were sent targeting organizations and government institutions such as NATO and the White House, and high-profile political personalities in Ukraine and Russia, on the following topics:

  • Suicide car bomb targets NATO troop convoy Kabul
  • Syrian troops make gains as Putin defends airstrikes
  • Israel launches airstrikes on targets in Gaza
  • Russia warns of responses to reported US nuke buildup in Turkey, Europe
  • US military reports 75 US-trained rebels return Syria

The mails contained URLs that hosted the exploit. The attacks are believed to have been initiated in Russia.

We suggest that our readers remove Flash completely from their systems and use modern technologies like HTML5 in their browsers. Some alternatives are available too.
