Earlier this month, Adobe released an update to its Flash Player across all platforms, responding to a previously unknown zero-day exploit that would allow hackers to take control of a user’s machine. Although the release was directed toward users on all platforms with all browsers, including Chrome and Safari, the situation is developing into a more serious issue than it may once have seemed. A report from network security company FireEye has alerted the public to the extent to which the vulnerability was used against visitors to the websites of three non-profit institutions.
The FireEye Report
FireEye published a blog post on Thursday about the security issue, which it refers to as “Operation GreedyWonk.” The company said it was first alerted to malicious code on the Peter G. Peterson Institute for International Economics website, which redirected visitors to an exploit server. Similar code was then found on the American Research Center in Egypt and Smith Richardson Foundation websites.
The malicious code is built to get around a protection in computer systems known as Address Space Layout Randomization (ASLR). ASLR works by forcing programs and the libraries they use to load at a different memory location each time the machine is rebooted. By doing that, it keeps an attacker in the dark about where the code an exploit relies on is located, which makes it much harder for a remote attacker to take control of the host computer.
Not all computers benefit from ASLR, however. FireEye says that users who run Windows XP and some with Windows 7 do not have that protection.
“Users can mitigate the threat by upgrading from Windows XP and updating Java and Office,” FireEye recommends. “If you have Java 1.6, update Java to the latest 1.7 version. If you are using an out-of-date Microsoft Office 2007 or 2010, update Microsoft Office to the latest version.”
Updating Adobe Flash Player
FireEye goes on to say that “these mitigations do not patch the underlying vulnerability.” They can help provide a user with ASLR protection, but that doesn’t address the need to update Flash Player, which is the initial source of the exploit. It is not just users of older systems who need to update Flash. With or without ASLR, users running older versions of the Adobe software will remain subject to future attacks. And if they do not update, hackers could potentially use Flash to gain access to their machines.
Adobe has addressed the issue with updates for Windows, Mac, and Linux systems. Its security bulletin states that everyone should update to Flash Player version 126.96.36.199 for Windows and Mac and 188.8.131.526 for Linux.
Google Chrome, the site says, will automatically update its player to the newest available version, and Internet Explorer for the latest versions of Windows 8 will do likewise. Users of all other Web browsers should be covered by the individual updates issued to their respective systems.