Adobe Flash Player zero day attack targets defence manufacturers

Cybercriminals are exploiting a vulnerability in Adobe Flash Player in a targeted attack on manufacturers of defence products. According to Symantec, the attackers will soon cast a broader net aimed at a wider variety of organisations.

Adobe issued a security bulletin on the weekend detailing a vulnerability in its Flash Player currently being exploited, known as the ‘Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability’.

According to Symantec, attacks based on the vulnerability have been “in the wild for over a week”, and target Flash Player on Internet Explorer for Windows.

The attack is delivered through custom crafted emails with malicious attachments. A reported 78 versions of Flash Player are vulnerable to the attack. If the attachment is opened on a computer with one of these vulnerable versions of Flash Player, the software will open a channel to another malicious Flash file hosted on a remote server.

“When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk and executes it. Symantec detects this payload as Trojan.Pasam,” a statement from Symantec said.

“So far we have identified multiple targets across manufacturers of products used by the defense industry, but this is likely to change in the coming days.”

Symantec advises that organisations keep their security solutions up-to-date and update to the latest version of Adobe Flash Player.

More details, including sample emails used in the attack, are available on Symantec’s website.