Adobe Flash Zero Day: Operation GreedyWonk

flash2No more than a week after discovering Internet Explorer 10 Zero Day, researchers at FireEye have uncovered yet another critical vulnerability on widely used software.  CVE-2014-0502, dubbed Operation GreedyWonk, affects the latest versions of Adobe Flash.

Like the IE 10 Zero Day, Operation GreedyWonk bypasses ASLR, a protective measure that randomizes the positions of important data in a program, making it harder for attackers to pinpoint vulnerabilities.

Operation GreedyWonk Affects:

  • Windows XP
  • Windows 7 with version 1.6 version of Java
  • Windows 7 with Office 2007 or Office 2010
  • Any other computer with Flash versions 12.0.0.44, 11.7.700.261, or anything earlier.

Steps to Mitigation

  1. To determine which version of Flash you are running, you can visit Adobe’s website here.
  2. If you need to update, you can find operating system specific versions here.
  3. If you require assistance with this update process, please don’t hesitate to contact Emsisoft Support.

For a technical analysis of this new Zero Day, we recommend FireEye’s blogpost on Operation GreedyWonk.  Research suggests that GreedyWonk has been perpetrated by politically motivated attackers, as the Zero Day initially targeted three nonprofit organizations: the Peter G. Peterson Institute for International Economics, the American Research Center in Egypt, and the Smith Richardson Foundation.  In particular, users linked to the Smith Richardson Foundation are actively involved in matters of public policy and national security.

As with Snowman, GreedyWonk is likely to spawn many copycat attacks.  As such, Emsisoft recommends that you update Flash immediately.  An official statement from Adobe regarding this matter can be viewed here.

Have a Great (Malware-Free) Weekend!