McAfee security researchers claim the Chinese hackers who reportedly targeted human rights activists and at least 34 companies used a zero-day flaw in Internet Explorer to carry out at least some of the attacks. More info at The Register.
The previously unknown flaw in the IE browser was probably just one of the vectors used in the attacks, McAfee CTO George Kurtz wrote in a blog post. Using a sophisticated spear-phishing campaign, the perpetrators included malicious links exploiting the bug in emails and instant messages sent to employees from at least three of the targeted companies.
Contrary to previous speculation, there was no evidence vulnerabilities in Adobe's Reader or Acrobat applications were used in any of the attacks, Kurtz said. In its own statement, adobe concurred, saying researchers "have not been able to obtain any evidence to indicate that Adobe Reader or other Adobe technologies were used as the attack vector in this incident."