Zero-Day Flash Bug Under Active Attack in Windows Threatens OS X, Linux Too
A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.
No patch available yet for critical bug affecting all supported versions of IE.
The attacks were hosted on the Syrian Ministry of Justice website at
jpic.gov.syand were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.
cve.mitre.org — nothing’s really here yet, but keep an eye on it for updates.
*note - I disarmed the Syrian link above by mapping it to /dev/null.