Few days after Microsoft published a security advisory about a new critical security bug in IE that is being used in limited and targeted attacks, Adobe has issued an emergency security update to fix a critical vulnerability(CVE-2014-0515) in flash player.
Please note that it is completely unrelated to IE Exploit in which bug was in IE and the flash file(.swf) used for making the attack successful. But, in this case, the bug exists in the flash player plugin.
So, people who use vulnerable version of Adobe Flash player likely to be vulnerable to this attack.
If you are using windows or Mac, make sure you have the latest flash player version 13.0.0.206. If you are using Linux, make sure to update to the latest version 11.2.202.356.
This new zero-day flash exploit was spotted as being used in Watering-hole attacks by researchers at Kaspersky Labs in early April.
According to SecureList, this flash exploit spread from a Syrian Justice Ministry website(jpic.gov.sy). Researchers believe the attack was designed to compromise the computers of Syrian dissidents complaining about the government.
