Adobe has patched 69 flaws in Reader, Acrobat and Flash but it is unclear whether the company has fixed yet another zero-day vulnerability in the latter which researchers claim is being used in the ‘Pawn Storm’ phishing campaign.
Pawn Storm is well known for its high-profile targets and researchers at TrendMicro note the URLs hosting the exploit are similar to those used in attacks targeting NATO and the White House earlier this year. TrendMicro has been monitoring the campaign for some time.
Examples of such subjects included “Suicide car bomb targets NATO troop convoy Kabul”, “Syrian troops make gains as Putin defends air strikes”, “Israel launches airstrikes on targets in Gaza”, “Russia warns of response to reported US nuke build-up in Turkey, Europe” and “US military reports 75 US-trained rebels return Syria.”
“Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently,” added the firm. “Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks. One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming e-mail to this organisation for an extended period of time in 2015.”
The researchers say the flaw affects at least versions 19.0.0.185 and 19.0.0.207 of Flash and have notified Adobe. However, it is unclear whether the raft of updates has repaired the vulnerability. Adobe says none of the bugs it has identified have been seen in the wild, although one bug reported by TrendMicro has been fixed. TechWeekEurope has asked Adobe for clarification.
All the patches are deemed ‘critical’ because they could allow a remote attacker to take control of a system.
“APSB15-24 for Reader and APSB15-25 for Flash address a number of critical vulnerabilities (over 50 for Reader) that would allow an attacker to execute code within the context of the user,” said Wolfgang Kandek, Qualys CTO. “Flash we recommend patching immediately. On the other hand Adobe’s Sandbox has been providing additional hardening to its PDF Reader and it has been over a year since we have seen PDF files used in exploits in the wild. Patch within your normal patch cycle.”
The bugs will do nothing to calm fears about the security of Flash, which has been blocked by default, albeit temporarily, in Firefox, while adverts using the software are automatically paused in Google Chrome.
Facebook’s new chief security officer Alex Stamos has also called on Adobe to set an end of life date for the much-maligned plug-in due to the sheer number of security threats.