Adobe has updated its Flash Player to fix a bug that cybersecurity outfit Kaspersky Lab said had been exploited to attack visitors to a Syrian government website. In an advisory posted on its site Adobe said that the vulnerability could allow attackers to gain control of affected computer systems. It released updates to fix the bug for systems running on Microsoft Windows, Apple Mac and Linux operating systems.
Kaspersky said on its blog that it learned in mid-April that a Syrian Justice Ministry website, jpic.gov.sy that serves as an online forum for citizen complaints had been compromised. No attacks on other websites have been reported because of the Flash flaw. Kaspersky Lab researcher Vyacheslav Zakorzhevsky said that the attack was designed to target Syrian dissidents complaining about the government.
Kaspersky described the attack as a "watering-hole" campaign. In such attacks, hackers infect websites frequented by individuals whose computers they are looking to compromise. When they visit the tainted site, their systems become infected.