Adobe issues advisory for Flash vulnerability targeting government agencies

Adobe has issued a security advisory for an Adobe Flash Player zero-day exploit being used by the folks behind the Pawn Storm cyber-espionage campaign to target foreign ministries worldwide.

Adobe has issued a security advisory for an Adobe Flash Player zero-day exploit being used by the folks behind the Pawn Storm cyber-espionage campaign to target foreign ministries worldwide.
Adobe has issued a security advisory for an Adobe Flash Player zero-day exploit being used by the folks behind the Pawn Storm cyber-espionage campaign to target foreign ministries worldwide.

Adobe has issued a security advisory for an Adobe Flash Player zero-day exploit being used by the folks behind the Pawn Storm cyber-espionage campaign to target foreign ministries worldwide.

The critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player version 19.0.0.207 and earlier for Windows, Macintosh and Linux. The company expects to issue an update for the vulnerability during the week of 19 October. Adobe said in its advisory that a successful exploit could allow the attacker to take control of a vulnerable system.

Adobe is aware that the exploit is being used in limited targeted attacks.

According to a Trend Micro blog post, the vulnerability is being used to attack foreign ministries. Spear-phishing emails link to the exploit and contain subject lines geared to pique the interest of a foreign ministry worker, such as “Suicide car bomb targets NATO troop convoy.”

“The attacks against the vulnerability result in malicious code execution: the attackers are able to run code on the target system,” Christopher Budd, global threat communications manager told SCMagazine.com in an email Wednesday.

Trend Micro's Peter Pi, a co-author of the blog, discovered and reported the issue to Adobe.

Budd did not say why these agencies were singled out for this attack nor was Trend Micro releasing the exact number of victims.

“It's worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organisation (NATO) members and the White House in April this year,” the blog said.