Incident Response, TDR

Researchers observe new Flash Player zero-day bug being exploited

Adobe issued two separate fixes at the end of January to address two separate zero-day vulnerabilities identified in Flash Player – now Adobe is warning users of another Flash Player zero-day bug that the company says is reportedly being exploited in the wild.

The vulnerability – CVE-2015-0313 – affects Flash Player and earlier versions for Windows and Macintosh, Flash Player and earlier 13.x versions, and Flash Player and earlier versions for Linux, according to a Monday post.

Adobe considers the vulnerability to be critical in severity, and explained in the post that it is aware of reports that the bug is being actively exploited in drive-by download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Successful exploitation of the vulnerability could cause a crash and enable an attacker to take complete control of the victim's system, the post indicates.

“The attacker can run code as if the user chose to run it,” Christopher Budd, global threat communications manager with Trend Micro, told in a Monday email correspondence. “Anything the user can do, the attacker can do.”

Adobe credited Trend Micro with assisting in identifying the vulnerability. In its own Monday post, the security company said that the Flash vulnerability is being used in malvertising attacks.

“Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains,” Peter Pi, threats analyst with Trend Micro, wrote in the post.

Trend Micro researchers observed that visitors to the Dailymotion website were being redirected to a specific URL where the exploit was being hosted, Pi wrote, adding the exploit is identified by Trend Micro as SWF_EXPLOIT.MJST.

Although Pi wrote that the advertisements appear to be down as of Monday, Trend Micro has been monitoring the threat since Jan. 14 and observed roughly 3,294 hits related to the exploit, the majority of which came from the U.S.

“Trend Micro customers are already protected: they don't need to do anything,” Budd said. “Adobe is working on a patch they expect to deliver this week. Until then, people without Trend Micro solutions should consider disabling Adobe Flash.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.