An Adobe security bulletin states, “A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. It applies to version 19.0.0.207 (released this Thursday) and earlier for Windows, Mac and Linux.”
Trend Micro has stated that the vulnerability is being used by the attackers behind Pawn Storm and is aimed at high-profile targets – that leaves most of us out!
In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear-phishing emails that contained links leading to the exploit. The emails and URLs were crafted to appear as though they led to information about current events, with the email subjects containing the following topics:
“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
These are used for simple, but extremely effective, credential phishing attacks. One Ministry of Foreign Affairs had its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming email to this organization for an extended period in 2015.
Pawn Storm has focused on foreign affairs ministries, politicians, artists, and journalists in Russia, and it has infected the iOS devices of Western governments and news organizations. Some say that it is nation-state hacking by the Russian Government.
That does not remove the issue – Adobe Flash is vulnerable to multiple attack vectors. The question is whether to disable (remove) Flash. Most browsers provide a click-to-play option that blocks Flash-based content unless explicitly approved by the end user.