Researchers from Kaspersky Lab recently identified a critical zero-day vulnerability in Adobe's Flash Player that allowed remote code execution and was being exploited in the wild. They highlighted the fact that there were at least 11 exploits leveraging the vulnerability. Adobe released an emergency patch for the issue across the Mac, Windows and Linux versions of its product.
The researchers outlined their findings in a blog post describing the flaw. The exploits used a few different approaches: reading an executable contained within an SWF file, downloading an executable from a URL in the SWF file's parameters, or opening a dialog window informing the user that he or she had "been owned." The SWF files used were found embedded in .docx files with Korean names.
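Because the SWF files arrived inside .docx containers, a mail or file gateway can flag Office documents that carry Flash content before they reach a user. The following is an added example, not code from Kaspersky or Adobe: it unpacks a .docx (a ZIP archive) and searches every part for a plausible SWF header. The sample document, the part name `word/activeX/activeX1.bin` and the version bound are constructed assumptions.

```python
import io
import re
import struct
import zipfile

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian file length.
# FWS = uncompressed, CWS = zlib-compressed, ZWS = LZMA-compressed.
SWF_HEADER = re.compile(rb"(FWS|CWS|ZWS)(.)(.{4})", re.DOTALL)
MAX_SWF_VERSION = 64  # assumption: generous upper bound to cut false positives


def find_embedded_swf(docx_bytes):
    """Return (member, offset, signature, version, declared_length) hits."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for info in archive.infolist():
            data = archive.read(info)  # production use should cap member size
            for match in SWF_HEADER.finditer(data):
                version = match.group(2)[0]
                (length,) = struct.unpack("<I", match.group(3))
                if not 1 <= version <= MAX_SWF_VERSION or length <= 8:
                    continue
                # An uncompressed SWF's declared length must fit in the member;
                # this rejects the letters "FWS" appearing in ordinary text.
                if match.group(1) == b"FWS" and match.start() + length > len(data):
                    continue
                hits.append((info.filename, match.start(),
                             match.group(1).decode(), version, length))
    return hits


def build_sample_docx():
    """Constructed sample: minimal .docx-like ZIP with a fake SWF header in a binary part."""
    fake_swf = b"CWS" + bytes([11]) + struct.pack("<I", 4096) + b"\x78\x9c" + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document>FWS is mentioned here</w:document>")
        archive.writestr("word/activeX/activeX1.bin", b"\x00" * 16 + fake_swf)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_embedded_swf(build_sample_docx()):
        print("possible embedded SWF:", hit)
```

A hit is a triage signal rather than a verdict: a three-byte signature can still collide with binary data, so flagged documents should go to sandboxing or manual review.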
Just one of the exploits actually contained a payload, which was a primitive downloader designed to download and install Trojans from a remote server, researchers noted. The programs it downloaded included one designed to steal data from the login pages of services like Facebook, Twitter, Yahoo and a number of Russian websites and another backdoor designed to work in conjunction with the first.
"We reported this to Adobe and it turned out that these ITW exploits targeted a zero-day vulnerability," Kaspersky's Vyacheslav Zakorzhevsky wrote of the findings on Feb. 5. "Today, Adobe released a patch for the vulnerability."
Adobe noted that it is aware that exploits exist in the wild and recommended that users update their software immediately. Companies can reduce the likelihood of such high-pressure software security scenarios by implementing more safeguards as part of a secure development lifecycle. By using tools like static analysis software, businesses whose products may not have as many researchers reaching out to help with security can reduce the likelihood of potentially compromising zero-days.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.