
Thread: Yet another 0-day exploit in Adobe Flash Player.....

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Yet another 0-day exploit in Adobe Flash Player.....

    "Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements


    Our researchers have discovered a new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313.

    Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains.

    According to our data, visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to the URL hxxp://www.retilio.com/skillt.swf, where the exploit itself was hosted.

    It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site.
    It is likely that this was not limited to the Dailymotion website alone since the infection was triggered from the advertising platform and not the website content itself.

    Trend Micro detects this exploit as SWF_EXPLOIT.MJST and blocks the URL mentioned above.

    The ads from this particular infection chain appear to be down as of this writing.

    We have been monitoring this attack since January 14, and saw a spike in the hits to the IP related to the malicious URL around January 27.
    According to data from the Trend Micro™ Smart Protection Network™, most of the users who accessed the malicious server related to the attack are from the United States.

    Full story: Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements


    Security Advisory for Adobe Flash Player


    Release date:
    February 2, 2015
    Vulnerability identifier: APSA15-02
    CVE number: CVE-2015-0313
    Platform: All Platforms

    Summary

    A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.
    Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
    We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

    Adobe expects to release an update for Flash Player during the week of February 2.
    For more information on updating Flash Player please refer to this post.

    https://helpx.adobe.com/security/pro...apsa15-02.html
    Last edited by hackerman1; 3rd February 2015 at 16:31.

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,401

    Vulnerabilities being found in Adobe Flash ... it has almost ceased to be news!

  3. #3
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    A week without a new vulnerability in Flash Player, that would be news....

  4. #4
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Adobe has released an update (16.0.0.305) now, it has been available for hours.
    But for some odd reason it's still not available for direct-download !?
    You have to download it from their Player Download Center.

    This is very annoying, forcing people to download from their download-center,
    just so they can trick people into installing unnecessary software.

    Note: be careful, because they try to get you to install the "McAfee Security Scan Plus utility",
    which you do not need in order to update Adobe Flash Player.

    Unless you really want it, make sure that you uncheck that option.

    Or you can wait until Adobe wakes up and releases the update for direct-download...

    ADOBE FLASH PLAYER, FIREFOX AND OPERA

    ADOBE FLASH PLAYER, INTERNET EXPLORER


    All this makes you look for the day when Adobe Flash Player is dead, and you don't need it anymore....
    More info: Adobe Flash Player will soon be dead !
    Last edited by hackerman1; 6th February 2015 at 14:35.

  5. #5
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    The update is now available for direct-download:

    ADOBE FLASH PLAYER, FIREFOX AND OPERA

    ADOBE FLASH PLAYER, INTERNET EXPLORER
