Adobe fixes vulnerability in Flash Player software

Security

by | 29 April 2014

Bug in Flash used to spy on Syria dissidents.

Adobe Systems released emergency security patches to fix a vulnerability in versions of Flash Player.

Cybersecurity company Kaspersky Lab revealed that a bug related to Flash compromised jpic.gov.sy, a Syrian Justice Ministry website that was set up to receive complaints about law violations.

According to Adobe, the vulnerability detected in Flash helped attackers gain control of affected computer systems, thereby compromising the security of those who visited the site.

The company, however, said that no other attacks as a result of the Flash bug have been reported.

According to Kaspersky security researchers, the Syrian website attack was a type of watering-hole campaign wherein hackers compromise the systems of individuals by targeting and infecting the sites which they frequent.

The researchers believe the attack was designed to spy on Syrian dissidents complaining about the government.

Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab, said: "Although we've only seen a limited number attempts to exploit this vulnerability, we're strongly recommending users to update their versions of Adobe Flash Player software.

"It is possible that once information about this vulnerability becomes known, criminals will try to reproduce these new exploits or somehow get the existing variants and use them in other attacks."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.