11 Apr 2011

Security company confirms attack due to Flash vulnerability

Last month’s hacking of a security provider was due to a vulnerability in Adobe Flash, the company recently confirmed.

Hackers were able to access the company’s network by sending emails to employees with a malicious attachment. Once opened, the vulnerable Flash file was exploited and allowed the hackers to control the employee’s computer. The Flash vulnerability was unknown at the time, but has since been fixed by Adobe.

Once the cyber criminals had access to the computer, they installed the Poison Ivy remote administration tool to access personal information, user credentials and transfer data.

The company reported the attack three days after Adobe issued a warning regarding the vulnerability.

"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash file embedded in a Microsoft Excel file delivered as an e-mail attachment," Adobe said last month.

Recently, the world’s largest distributor of permission-based email was attacked by hackers. The cyber criminals were able to obtain millions of email addresses from major companies, including Capital One, Chase, CitiGroup and JP Morgan Chase.