430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Fixed a serious flaw in Adobe Flash Player exploited in “the Mask APT”

Adobe has released security updates for Adobe Flash Player to fix a critical vulnerability exploited in a sophisticated cyber espionage campaign. Adobe has released today a new patch for the Flash Player product to fix a vulnerability which is currently being exploited. The vulnerability (CVE-2014-0497), allows an attacker to remotely take control of the targeted system […]

Fixed a serious flaw in Adobe Flash Player exploited in “the Mask APT”

Adobe has released security updates for Adobe Flash Player to fix a critical vulnerability exploited in a sophisticated cyber espionage campaign.

Adobe has released today a new patch for the Flash Player product to fix a vulnerability which is currently being exploited. The vulnerability (CVE-2014-0497), allows an attacker to remotely take control of the targeted system hosting Flash.

The security hole affects the version 12.0.0.43 and earlier for both Windows and Mac OSs and Adobe Flash Player 11.2.202.335 and earlier versions for Linux.

Adobe Flash Player vulnerability

The vulnerability was discovered by two researchers at Kaspersky Lab, Alexander Polyakov and Anton Ivanov.

The story started some month ago, when the Kaspersky Team discovered a new sophisticated cyberespionage operation which has been going on at least since 2007. The operation dubbed “The Mask” hit systems in 27 countries leveraging high-end exploits, the attackers adopted an extremely sophisticated malware which includes a bootkit and rootkit. The malicious code used is able to infect also Mac and Linux versions and included a customized attack against Kaspersky products.

“This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment. Most interesting, the authors appear to be native in yet another language which has been observed very rarely in APT attacks.We will present more details about the “Mask” APT next week at the Kaspersky Security Analyst Summit 2014 (on Twitter, #TheSAS2014). reports a post on SecureList blog

Adobe was informed of the availability of an exploit in the wild used to hit systems running the Flash Player, it recommends users to update their product installations to the latest versions:

  • Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.
  • Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.
  • Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.
  • Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.
  • Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1.

Stay tuned to receive more info in The Mask campaign.

UPDATE February 05 2014

It seems that CVE-2014-0497 is not linked with the Mask campaign  …

twitter Adobe Flash Player vulnerability

(Security Affairs –  cyberespionage, The Mask, Adobe)