We already heard about how Internet Explorer is experiencing some issues these days; attackers are said to be exploiting a zero-vulnerability. There’s also another campaign that seems to be targeting the Flash media player by Adobe.
Only Microsoft Windows computers are being attacked but the error resides in a Flash component which is also present in Linux and OS X versions. Fortunately, Adobe was quick to fix all versions of the Flash player so better update your software ASAP.
The attack was detected earlier this April as SWF files were noted to bypass security mitigations in Microsoft Windows, Flash, and Windows 8. Exploits are embedded in a file called include.swf. Main target is any computer that runs Cisco Systems MeetingPlace Express Add-In version 5×0.
Kaspersky Lab researcher Vyacheslav Zakorzhevsky shared:
“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”
Updates to fix the error are being released. Those running Internet Explorer 10 and IE 11 on the latest Windows 8 will receive the software update automatically, Otherwise, you will have to wait for awhile.