Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources. The attacks come less than three weeks after Adobe issued a critical update to fix a different Flash flaw that crooks were similarly exploiting to install malicious software.
According to sources, the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents.
Adobe spokesperson Wiebke Lips said the company is currently investigating reports of a new Flash vulnerability, and that Adobe may issue an advisory later today if it is confirmed.
On March 11, Adobe issued a critical update to fix a security hole in Flash that it had earlier said was being attacked via malicious Flash content embedded in Microsoft Excel files. It’s not clear how long attackers have been exploiting this newest Flash flaw, but its exploitation in such a similar manner as the last flaw suggests the attackers may have a ready supply of unknown, unpatched security holes in Flash at their disposal.
Update, 3:57 p.m. ET: Ever wonder what anti-virus detection looks like in the early hours of a zero day outbreak like this? A scan of one tainted file used in this attack that was submitted to Virustotal.com indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious.
Update, 4:10 p.m. ET: Removed advice about deleting or renaming authplay.dll, which several readers (and now Adobe) have pointed out is specific to Adobe Reader and Acrobat.
Update, 5:05 p.m. ET: Adobe just released an advisory about this that confirms the above information.