Reports have emerged that attackers part of a foreign cyber espionage campaign, referred to as Pawn Storm, have leveraged a critical security vulnerability that was recently discovered in Adobe's Flash Player software.
Adobe is aware of the vulnerability, which has been categorized as a critical vulnerability, and which affects the following versions of the software on the following platforms:
- Version 18.104.22.168 on Windows and Macintosh
- Extended Support versions 22.214.171.124 and 18.x
- Linux versions 126.96.36.1995 and 11.x
A critical security vulnerability, as defined by Adobe, has the potential to "allow malicious native-code to execute, potentially without a user being aware" if exploited.
Adobe has recently released a series of security updates for the affected software and platforms.
The recent report describes the latest in a series of attacks by members of the Pawn Storm campaign. According to Trend Micro, the "attackers behind Operation Pawn Storm have been active since at least 2007" and they have been known to target high-profile entities and organizations.
Earlier this year, Pawn Storm attackers targeted members of NATO and several foreign governments with phishing attacks. Notably, the attackers have also targeted users of Apple iOS devices with a rogue application designed to collect and transmit data from an infected device.
Based on previous events, Trend Micro has stated that Pawn Storm attackers commonly focus on attack vectors that rely on deception: phishing e-mail scams, website phishing, and malicious iframes.