Kaspersky Lab revealed zero-day vulnerability in Adobe Flash Player
Kaspersky Lab has successfully blocked attacks via a zero-day vulnerability in the Adobe Flash software. Kaspersky Lab researchers discovered this vulnerability, which was targeted by exploits distributed via a legitimate government website created to collect public complaints about breaches of the law in Middle Eastern countries.
In mid-April, Kaspersky Lab experts analyzing data from Kaspersky Security Network discovered a previously unknown exploit. On closer examination, it turned out that the exploit was using a previously unknown vulnerability in the popular multimedia software Adobe Flash Player. The vulnerability exists in Pixel Bender – an old component, designed for video and photo processing.
“The first exploit showed rather primitive download-and-execute payload behaviour but the second one tried to interact with Cisco Meeting Place Express Add-In – a special Flash plugin for co-working, in particular, for joint viewing of documents and pictures on a presenter’s PC desktop. This plugin is completely legitimate, but in these particular circumstances it could be used as a spying tool. Moreover, we discovered that this ‘second’ exploit works only if a certain version of Flash Player and CMP Add-In are installed on the attacked PC. This means that attackers probably aimed at a very limited list of victims,” said Vyacheslav Zakorzhevsky, Vulnerability Research Group Manager, Kaspersky Lab.
Further investigation found that the exploits were distributed from a website created in 2011 by the Syrian Ministry of Justice to enable people to lodge complaints about breaches of the law. We believe the attack was designed to target Syrian dissidents complaining about the government. Kaspersky Lab experts discovered two kinds of exploits in total, with differences in shellcode (a small piece of code used as the payload when exploiting a software vulnerability).