Adobe Flash Player Vulnerability Allows Hackers to Take Control
Adobe Systems warned users that hackers are exploiting another unpatched vulnerability in Flash Player, which is the third vulnerability in the past month.
There are reports that the vulnerability is being actively exploited in drive-by-download attacks that target systems running Flash Player under Internet Explorer or Mozilla Firefox on Windows 8.1 and earlier, according to an Adobe alert.
Adobe said in a security advisory published Monday:
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 184.108.40.2066 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe plans to release Flash Player updates that will address the flaw later this week.
Adobe has credited Peter Pi from Trend Micro and Elia Florio and Dave Weston from Microsoft with reporting the flaw to the company after it was found being used in attacks.
Adobe had released two Flash Player updates over the past two weeks, Flash Player 220.127.116.117 and 18.104.22.1686, in order to fix two other vulnerabilities that were being actively exploited via malicious advertising (malvertising).
The previous two flaws, identified as CVE-2015-0310 and CVE-2015-0311, had been integrated into an attack tool called the Angler Exploit Kit.
An initial analysis suggests that the new CVE-2015-0313 exploit was also used in attacks launched with Angler, “due to similarities in obfuscation techniques and infection chains,” Pi said.
However, an independent researcher known online as Kafeine, who tracks exploits kits and found the recent Flash Player exploits in Angler, believes the latest attacks might be the work of cybercriminals using a different tool called the Hanjuan Exploit Kit.
Regardless of the tools used to exploit the new vulnerability, users should take precautions until Adobe releases patches. Malicious advertisements are difficult to block because they are launched through legitimate advertising networks and appear on popular, trusted websites.
Users should enable the click-to-play feature in browsers to prevent plug-in-based content like Flash from running automatically without explicit consent. Users should also keep antivirus programs up to date, because Adobe shares exploit samples with security vendors so they can create detection signatures.
Sword & Shield’s Asset Discovery and Vulnerability Assessment – a component of our Managed Security Services – delivers an inventory of critical assets along with a vulnerability mapping to help reduce the exposure to attack.
Eric Walker is a senior security analyst with Sword & Shield. He performs network vulnerability, penetration testing, web application testing and wireless, firewall, physical and social engineering assessments for a diverse group of commercial and government clients.