Kaspersky Lab Experts Credited for Identifying and Reporting Latest Zero-Day Vulnerability in Adobe Flash Player
12 Feb 2013
Kaspersky Lab’s team of experts recently identified a critical zero-day vulnerability in Adobe Flash Player (CVE-2013-0633) that was being actively exploited in targeted attacks. Kaspersky Lab reported the vulnerability to Adobe, which issued a security update on February 7, 2013.
The vulnerability was first identified by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov and it impacts Windows, Mac OS X and Linux operating systems, as well as a number of earlier versions of Android.
Kaspersky Lab advises users to update their systems with the latest version of Adobe Flash Player, which includes the security patch to protect against this vulnerability. Users can verify what version they are running by visiting the Adobe’s About Flash Player webpage, or following the instructions provided in Adobe’s relevant security bulletin.
The vulnerability was being used in a series of targeted attacks that were designed to trick victims into opening a spear-phishing email with a Microsoft Word document, which contained malicious Flash (SWF) content. The majority of attacks analyzed by Kaspersky Lab were targeted against human rights activists and political dissidents from Africa and the Middle East.
For more information on how these exploits were being used in targeted attacks, visit Securelist.
For information about the vulnerability in Adobe Flash Player and how to update your system with the latest version, refer to Adobe’s security bulletin.