Adobe rushes out another emergency Flash Player patch

Security flaw

Adobe has once more been forced to issue a fix for vulnerabilities found in its popular Flash Player software.

In a security advisory, the firm said it had released updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, as well as Adobe Flash Player 11.2.202.336 and earlier versions for Linux.

It said the updates tackle a number of flaws including a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498), a memory leak vulnerability that could be used to defeat memory address layout randomisation (CVE-2014-0499) and a double free vulnerability that could lead to arbitrary code execution (CVE-2014-0502).

"These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system," the firm said.

Adobe added that is was aware of reports an exploit for CVE-2014-0502 exists in the wild, and urged users to update their product installations to the latest versions.

As well as Flash Player, the software vendor has also issued patches for its Adobe AIR product.

The vendor said the flaws were brought to its attention by Wen Guanxing of Venustech working with the Zero Day Initiative, the Google Security Team and FireEye.

In a blog post, researchers at security company FireEye said the flaws have led to visitors to at least three non-profit institutions two of which focus on matters of national security and public policy - being redirected to an exploit server hosting the zero-day exploit. It dubbed this attack "Operation GreedyWonk."

"We believe GreedyWonk may be related to a May 2012 campaign outlined by ShadowServer, based on consistencies in tradecraft (particularly with the websites chosen for this strategic web compromise), attack infrastructure, and malware configuration properties," said FireEye researchers.

"The group behind this campaign appears to have sufficient resources (such as access to zero-day exploits) and a determination to infect visitors to foreign and public policy websites. The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defence and public policy matters," the researchers warned.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.