updated 04:32 pm EST, Thu February 20, 2014
At least three websites attacked so far
Adobe has issued a new version of Flash Player, 126.96.36.199, to deal with a serious vulnerability. Security firm FireEye notes that the hole has already been used to attack at least three non-profit websites. "This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues," it writes. "The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.
"This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term."
The update is Adobe's second for Flash in the space of a month. Flash and Java are two of the most common vectors for malware attacks.