Adobe Flash Zero Day Bug Central to RSA Hack

Monday, April 04, 2011



A vulnerability in Adobe's Flash Player opened the door for attackers in the recent hack of security vendor RSA.

In a targeted attack, hackers sent emails to a select group of RSA employees which contained a spreadsheet attachment titled "2011 Recruitment plan.xls." 

The attachment contained malware that exploited a flaw in the Adobe software that enabled the attackers to use a version of the Poison Ivy remote administration tool (RAT) to glean authentication credentials that allowed access to other systems in the company's network.

The revelation that the breach was accomplished with malware-laden emails is contrary to RSA's assertion that the attack showed evidence of being an Advanced Persistent Threat (APT) operation, typically involving a much more complicated series of events.

RSA, the security division of EMC, had announced last month that they suffered a breach stemming from a sophisticated attack on their network systems which targeted proprietary information on RSA's SecurID two-factor authentication systems.

SecurID is a product designed to prevent unauthorized access to enterprise network systems, and exposure of proprietary information about the product could in turn make RSA's clients more vulnerable to hacks themselves.

RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.

RSA had reported the breach on March 17, three days after Adobe had issued an alert indicating they had discovered the vulnerability and had evidence it was being exploited in conjunction with Excel spreadsheets delivered via email:

"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment," Adobe's advisory stated.

Adobe issued a patch for the vulnerability on March 21.


Possibly Related Articles:
Adobe Flash RSA Zero Day Vulnerabilities Headlines breach SecurID hack
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.