New Flash flaw lets you beat White House and NATO security
Flaw flings phish Pawn Storm gang tried to get past the great and the good
Don't ignore the next emergency Flash Player update you receive: it might be trying to fix yet another vulnerability in the chronically insecure plug-in.
According to Trend Micro, the vulnerability is already being used by Pawn Storm in phishing attacks against a variety of governments.
Trend's analysts reckon the zero-day works on Adobe Flash Player versions 220.127.116.11 and 18.104.22.168, the latter meaning the vulnerability is present in the most current version of the hopefully-soon-to-be-lamented piece of bugware.
The company emphasises that just because other versions aren't listed doesn't mean they're not vulnerable.
Phishing messages sent to “several ministries of foreign affairs” contain links to exploit sites, the company says, warning people to look out for the following subject lines:
- Suicide car bomb targets NATO troop convoy Kabul
- Syrian troops make gains as Putin defends air strikes
- Israel launches airstrikes on targets in Gaza
- Russia warns of response to reported US nuke buildup in Turkey, Europe
- US military reports 75 US-trained rebels return Syria
The URLs involved in the latest exploit are, Trend says, similar to those Pawn Storm tried against NATO and the White House in April. ®