Adobe Flash Zero Day: Operation GreedyWonk

flash2No more than a week after discovering Internet Explorer 10 Zero Day, researchers at FireEye have uncovered yet another critical vulnerability on widely used software.  CVE-2014-0502, dubbed Operation GreedyWonk, affects the latest versions of Adobe Flash.

Like the IE 10 Zero Day, Operation GreedyWonk bypasses ASLR, a protective measure that randomizes the positions of important data in a program, making it harder for attackers to pinpoint vulnerabilities.

Operation GreedyWonk Affects:

Steps to Mitigation

  1. To determine which version of Flash you are running, you can visit Adobe’s website here.
  2. If you need to update, you can find operating system specific versions here.
  3. If you require assistance with this update process, please don’t hesitate to contact Emsisoft Support.

For a technical analysis of this new Zero Day, we recommend FireEye’s blogpost on Operation GreedyWonk.  Research suggests that GreedyWonk has been perpetrated by politically motivated attackers, as the Zero Day initially targeted three nonprofit organizations: the Peter G. Peterson Institute for International Economics, the American Research Center in Egypt, and the Smith Richardson Foundation.  In particular, users linked to the Smith Richardson Foundation are actively involved in matters of public policy and national security.

As with Snowman, GreedyWonk is likely to spawn many copycat attacks.  As such, Emsisoft recommends that you update Flash immediately.  An official statement from Adobe regarding this matter can be viewed here.

Protect your device with Emsisoft Anti-Malware.

Did your antivirus let you down? We won’t. Download your free trial of Emsisoft Anti-Malware and see for yourself. Start free trial

Have a Great (Malware-Free) Weekend!

Senan Conrad

Senan Conrad

As a cybersecurity enthusiast, Senan specializes in giving readers insight into the ever-changing world of malware, and the ransomware scene in particular. When he's not tapping away at his keyboard, you can catch Senan drinking a good coffee or tinkering in his workshop.

What to read next