By Ionut Ilascu 23 Jun 2015
Attackers use a new ROP technique to bypass protection
http://i1-news.softpedia-static.com/images/news2/flash-player-zero-day-used-by-chinese-cyber-espionage-group-485077-2.jpg
Flash Exploit uses an uncommon technique
A zero-day Flash Player vulnerability, patched today by Adobe, is currently exploited by an advanced threat group from China in cyber espionage operations.
Security researchers at FireEye named the group APT3 and say that it targets organizations from industry sectors like aerospace and defense, construction and engineering, high tech, telecommunications and transportation.
Victims are lured with a generic phishing email whose text is very similar to spam messages. In an example provided by FireEye the bait used was an offer for a refurbished iMac system certified by Apple, with a discount between $200 and $450 (€180 - €400); the email further enticed the recipient with availability of one-year extendable warranty for the product.
Full Article