On Tuesday, Adobe released Flash Player version 11.3.300.270, which fixes a vulnerability (CVE-2012-1535) that could allow an attacker to take control of the affected system. On Wednesday, SecureState’s Research and Innovation Team started receiving intel showing that CVE-2012-1535 is being exploited in targeted attacks. Currently these attacks are being carried out using specially crafted Word documents that contain an embedded malicious Flash file.
At this time, the attacks are targeted in nature and the vulnerability is not being exploited on a large scale. However, with a working exploit in the wild and the popularity of Flash Player, attacks will most likely increase and become more widespread over the next few days.
System owners are encouraged to upgrade to the latest version of Flash Player as quickly as possible. SecureState’s R&I team will post additional information on these attacks as the situation develops.
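While patching is under way, suspicious attachments can be triaged for the delivery method described above, a Word document carrying an embedded Flash file, by looking for SWF headers inside the document. The following is an added example, not SecureState's tooling; it goes beyond the raw .doc case to also open zip-based containers, and the version bound, function names and sample bytes are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

MAX_SWF_VERSION = 40  # assumption: sanity bound used only to cut false positives


def find_swf(blob):
    """Return (offset, signature, version, declared_length) for plausible SWF headers."""
    hits = []
    for magic in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF signatures
        pos = blob.find(magic)
        while pos != -1:
            header, body = blob[pos:pos + 8], blob[pos + 8:pos + 72]
            if len(header) == 8 and body:
                # 3 signature bytes, 1 version byte, 4-byte little-endian file length
                version, length = struct.unpack("<3xBI", header)
                ok = 1 <= version <= MAX_SWF_VERSION and length > 8
                if ok and magic == b"FWS":
                    ok = length <= len(blob)  # uncompressed file must fit in the container
                elif ok:
                    try:  # a CWS body must begin a valid zlib stream
                        zlib.decompressobj().decompress(body, 16)
                    except zlib.error:
                        ok = False
                if ok:
                    hits.append((pos, magic.decode(), version, length))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def scan_document(data):
    """Scan the raw bytes (OLE .doc) and, for zip-based documents, every member."""
    findings = [("<raw>", hit) for hit in find_swf(data)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for name in archive.namelist():
                findings += [(name, hit) for hit in find_swf(archive.read(name))]
    return findings


def constructed_sample():
    """Constructed input: OLE magic, padding, then a minimal FWS header (not a real SWF)."""
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 21) + b"\x00" * 13
    return b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + swf


if __name__ == "__main__":
    print(scan_document(constructed_sample()))
```

A hit means the document deserves closer inspection, not that it is malicious. A clean result is not proof of absence, since embedded objects can be fragmented across the container or encoded.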