Flash Player 0-day exploited in the wild, patch immediately!

Adobe has released an emergency patch for its notoriously buggy Flash Player software because attackers are actively exploiting a critical vulnerability that can lead to total system compromise.

“Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets,” the company shared in a security bulletin published on Tuesday.

The vulnerability was reported to Adobe by FireEye researchers, who spotted it being exploited in June in a phishing campaign. The emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits the flaw.

The (very generic) phishing campaign is apparently aimed at organizations in the aerospace and defense, construction and engineering, high tech, telecom, and transportation industries.

“The attack exploits an unpatched vulnerability in the way Adobe Flash Player parses Flash Video (FLV) files. The exploit uses common vector corruption techniques to bypass Address Space Layout Randomization (ASLR), and uses Return-Oriented Programming (ROP) to bypass Data Execution Prevention (DEP). A neat trick to their ROP technique makes it simpler to exploit and will evade some ROP detection techniques,” FireEye researchers explained.

“Shellcode is stored in the packed Adobe Flash Player exploit file alongside a key used for its decryption. The payload is xor encoded and hidden inside an image.”

The researchers believe that a threat group they dubbed APT3 (aka UPS) is behind the attack. Deemed very sophisticated, this group has used browser-based zero-day exploits several times before.

They are usually after credentials, and aim to achieve persistence in the target organizations’ network by installing custom backdoors on many hosts within it.

Windows, OS X and Linux users are advised to update their product installations to the latest versions. You can check which version you are using by visiting this page.

Adobe Flash Player installed with Google Chrome and with Internet Explorer on Windows 8.x will automatically update to the latest version.
