Kaspersky discovers critical zero-day exploit in Adobe Flash Player

Researchers from antivirus software developer Kaspersky Labs warn of a zero-day exploit in Adobe Flash affecting users running Windows, OSX and Linux. So far the researchers have only observed actual attacks against Windows machines; however, the same vulnerable code also resides in the OSX and Linux versions of Flash.


The exploit goes by the name CVE-2014-1776 and resides in a Flash component known as Pixel Bender. The vulnerabilities could potentially allow an attacker to take control of the affected system.

The announcement of the zero-day exploit comes a couple of days after Microsoft announced a zero-day vulnerability in Internet Explorer. While Microsoft hasn't patched Internet Explorer, Adobe has released a patch for all affected operating systems, which means that updating to the latest Adobe Flash Player protects the computer against the exploit.

The exploit was first detected on seven Syrian computers which had the vulnerable Adobe Flash Player installed. The attacks seem to have been hosted on the Syrian Ministry of Justice website, which led the researchers to believe the exploits are state-sponsored.

This speculation is further supported by proof that one exploit based on the vulnerability also attacked computers with Cisco Systems MeetingPlace Express Add-In version 5x0 installed, an application used to view documents and images during Web conferences and not common on home user systems.
