Adobe Flash zero day exploit patched, after foreign policy websites compromised

Graham Cluley

Adobe Flash users are once again being told they need to update their software, after a new zero-day exploit was discovered.

The critical security flaw in Adobe Flash Player was uncovered after hackers targeted visitors to a number of different foreign and economic policy websites dealing with matters of US national security.

Researchers at FireEye identified the new Flash vulnerability being exploited on February 13th, as computer users visiting the Peter G. Peterson Institute for International Economics were invisibly redirected to an exploit server hosting the zero-day exploit.

Peter G. Peterson Institute for International Economics website

The security firm later discovered that the websites of the American Research Center in Egypt and the Smith Richardson Foundation (SRF) were also redirecting visitors to the malicious web server. At the time of writing, the SRF website says it is – perhaps unsurprisingly – down for maintenance.

SRF website closed for maintenance

Anyone who has visited these websites in recent weeks is at high risk of having had their computer infected, and of having had data on their PC stolen.

And, because of the nature of the types of people attracted to such sites, you have to consider that any information exfiltrated from the infected computers could be of interest to foreign states gathering intelligence.

FireEye, which has bizarrely named the attack “Operation GreedyWonk”, paints a picture of a co-ordinated campaign designed to exploit websites related to national defence and security and compromise the computers of their visitors.

“This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.

“This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.”

Researchers say that currently the Adobe Flash exploit has been used to target computers running Windows XP; Windows 7 and Java 1.6; or Windows 7 and unpatched versions of Microsoft Office 2007 or 2010. Although updating your versions of Office or Java might mitigate this particular threat (and I’ve talked a lot about moving away from Windows XP in the past), there’s nothing to stop cybercriminals exploiting the Flash flaw to serve up other attacks.

So the best solution is to patch Flash, and close the vulnerability forever.

Adobe has issued a security advisory telling Windows, Mac and Linux users of Flash Player to upgrade to the latest version – 12.0.0.70.

If your installation of Adobe Flash does not update automatically, you can download the security update from the Adobe Flash Player Download Center.

In addition to the Adobe Flash updates, Adobe Air users are also being told to update their systems with new versions for Android, Windows and Mac. It would also make sense, if you are a user of Office 2007, Office 2010 or Java, to make sure you are running the latest versions of those software products as well.

Read more in FireEye’s blog post and in Adobe’s security bulletin about the threat.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
