Adobe released an update for the Adobe Flash Player earlier this week to rectify a zero-day exploit being employed as part of the long-running cyber-espionage campaign known as "Pawn Storm." Unfortunately, as determined by Trend Micro and confirmed by Adobe in a follow-up security bulletin, that update failed to correct the problem, and so another update has been released today.
The new update addresses "critical" vulnerabilities in the Flash Player, which "if exploited would allow malicious native-code to execute, potentially without a user being aware," according to Adobe's severity ratings. This could result in PCs being crashed or even taken over by remote attackers.
The good news, such as it is, is that the exploit is being used in "limited, targeted attacks," according to the security bulletin. Trend Micro said essentially the same thing on its blog, noting that Pawn Storm attacks appear to be contained to international government agencies, specifically against "several foreign affairs ministries from around the globe."
Even so, this is pretty clearly another nail in Flash's coffin. It's on the way out anyway, and security holes like this are sooner or later bound to become less about making sure that Flash is up to date, and more about wondering why you're bothering with it in the first place.
There's plenty to read about it if cyber-security is your thing. If, on the other hand, you just want to ensure that your PC doesn't get dicked around by some jerk on the other side of the planet, you can simply grab the latest update and carry on with your day. Either way, it's something you'll want to get on with as soon as possible.
Thanks, Ars Technica.