
Thread: Adobe Flash/Acrobat/Reader exploits-in-the-wild

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Adobe Flash/Acrobat/Reader exploits-in-the-wild

    FYI...

    Flash 0-Day Exploit used by Angler Exploit Kit
    - https://isc.sans.edu/diary.html?storyid=19213
    2015-01-21 - "The "Angler" exploit kit is a tool frequently used in drive-by download attacks to probe the browser for different vulnerabilities, and then exploit them to install malware. The exploit kit is very flexible and new exploits are added to it constantly. However, the blog post below* shows how this exploit kit is currently using an unpatched Flash 0-day to install malware. Current versions of Windows (e.g. Windows 8 + IE 10) appear to be vulnerable. Windows 8.1, or Google Chrome do not appear to be vulnerable... typically we see these exploits more in targeted attacks, not in widely used exploit kits. This flaw could affect a large number of users very quickly..."
    * http://malware.dontneedcoffee.com/20...-in-flash.html
    2015-01-21 - "... Angler EK exploiting last version (16.0.0.257) of Flash..."
    Update: "... tested it against the free version of Malwarebytes Anti Exploit* (a product from one of my customers). That stopped it. Well done!..."
    * https://www.malwarebytes.org/antiexploit/

    - http://blog.trendmicro.com/trendlabs...-new-zero-day/
    Jan 22, 2015 - "... Chrome’s version of the Flash Player plugin is sandboxed, mitigating potential effects to end users. Firefox is also immune to this threat..."
    Geographic distribution of users affected by Angler
    > http://blog.trendmicro.com/trendlabs...-Angler-01.jpg

    Last edited by AplusWebMaster; 2015-01-22 at 16:40.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2

    Full Flash fix -NOT- available ...

    FYI...

    - http://blog.trendmicro.com/trendlabs...-new-zero-day/
    Update as of January 22, 2015, 9:30 PM PST: "... Adobe released an update to Flash, bringing the latest version to 16.0.0.287. However, this does -not- patch the vulnerability described in this post. Instead, it fixes a -separate- vulnerability (CVE-2015-0310). A patch for the vulnerability described here (now designated as CVE-2015-0311) will be released sometime next week.*
    In the meantime, we note that Chrome is still unaffected by this vulnerability. Users of other browsers who are unable to disable Flash Player (due to usability issues) can consider downloading ad blocking software or extensions, which would help in reducing the exposure to this threat."

    > http://malware.dontneedcoffee.com/20...-in-flash.html
    "... Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled.
    [Edit : 2015-01-22 - 15:30 GMT+2] Til this morning Firefox users were safe. Angler EK coders [hacks] 'fixed' the issue... and they are now under fire as well..."

    * https://helpx.adobe.com/security/pro...apsa15-01.html
    Updated: Jan 22, 2015 - "... We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below. Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26..."
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0311
    Last revised: 01/23/2015

    >> Recommend: DISABLE Flash extension/Plugin until that fix is available.
    >> Firefox: >Tools >Addons >Plugins >Shockwave Flash 16.0.0.287 - Never Activate.

    ... until NEW UPDATED FIX from Adobe is released/installed.
    ___

    See: http://forums.spybot.info/showthread...l=1#post461336
    Jan 24, 2015 - "... 16.0.0.296 available..."

    Last edited by AplusWebMaster; 2015-01-26 at 18:01.

  3. #3

    Another Flash Player 0-day exploit in-the-wild ...

    FYI...

    Flash 16.0.0.305 - see: http://forums.spybot.info/showthread...l=1#post461790
    Feb 4, 2015
    ___

    Another Flash Player 0-day exploit in-the-wild ...
    - https://helpx.adobe.com/security/pro...apsa15-02.html
    Feb 2, 2015
    CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0313 - 10.0 (HIGH)
    Last revised: 02/04/2015 - "... as exploited in the wild in February 2015."
    Platform: All Platforms
    Summary: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe expects to release an update for Flash Player during the week of February 2.
    Affected software versions:
    - Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
    - Adobe Flash Player 13.0.0.264 and earlier 13.x versions

    Revisions: Removed Flash Player version 11.x from the list of affected versions. Version 11.x and earlier do not support the functionality affected by CVE-2015-0313.

    > https://blogs.adobe.com/psirt/?p=1171
    Feb 2, 2015

    - https://isc.sans.edu/diary.html?storyid=19269
    Last Updated: 2015-02-02 15:12:32 UTC

    - http://blog.trendmicro.com/trendlabs...lvertisements/
    Feb 2, 2015 - "... a new zero-day exploit in Adobe Flash used in -malvertisement- attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313... So far we’ve seen around 3,294 hits related to the exploit, and with an attack already seen in the wild, it’s likely there are other attacks leveraging this zero-day, posing a great risk of system compromise to unprotected systems. Since the exploit affects the latest version of Flash, 16.0.0.296, users may consider -disabling- Flash Player until a fixed version is released. Adobe has confirmed that this is a zero-day exploit and the patch is expected to be available this week to address this..."
    ___

    How to Disable Flash:

    In I/E: http://www.ehow.com/how_7332733_turn-off-flash.html
    1. Launch Internet Explorer. Click "Tools" and click "Internet Options." Click the "Programs" tab.

    2. Open the "Manage add-ons" button. Click the drop-down list under "Show" and select "Run without permission."

    3. Click "Shockwave Flash Object" under the "Adobe System Incorporated" section. Click the "Disable" button. Reboot your system.
    ___

    In Chrome: http://www.ehow.com/how_8270649_disa...sh-chrome.html

    - Enter the following address in Chrome’s address bar to access the Plug-ins screen:
    chrome://plugins/

    Scroll down the list of plug-ins and click the “Disable” link located at the bottom of the Adobe Flash Player section to disable Flash.
    ___

    In Firefox: Tools> Addons> Plugins> Shockwave Flash - Never Activate

    >> Browser check: https://browsercheck.qualys.com/?scan_type=js

    Last edited by AplusWebMaster; 2015-02-05 at 03:07.
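Added example, not part of the original thread: a small triage script that applies the affected-version ranges quoted from APSA15-02 in the post above (16.0.0.296 and earlier, 13.0.0.264 and earlier 13.x, 11.x and earlier not affected) to an inventory of installed Flash versions. The host names and inventory values are constructed, and accepting the comma-separated version form and the treatment of 12.x are assumptions of this example.

```python
import re

# Thresholds quoted in the APSA15-02 text in the post above.
MAINLINE_LAST_AFFECTED = (16, 0, 0, 296)
BRANCH_13_LAST_AFFECTED = (13, 0, 0, 264)

def parse_flash_version(text):
    """Parse '16.0.0.296' or the comma form '16,0,0,296' into a 4-tuple of ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def affected_by_apsa15_02(text):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_flash_version(text)
    if v[0] <= 11:
        # Revision note: 11.x and earlier lack the affected functionality.
        return False
    if v[0] == 13:
        return v <= BRANCH_13_LAST_AFFECTED
    # Everything else is compared against "16.0.0.296 and earlier"
    # (assumption for 12.x, which the advisory text does not single out).
    return v <= MAINLINE_LAST_AFFECTED

def triage(inventory):
    """Return sorted host names whose recorded version is affected or unparseable."""
    flagged = []
    for host, version in inventory.items():
        try:
            if affected_by_apsa15_02(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown version string: review by hand
    return sorted(flagged)

# Constructed inventory (host names and values are made up for this example).
SAMPLE_INVENTORY = {
    "ws-01": "16.0.0.296",
    "ws-02": "16,0,0,305",
    "ws-03": "13.0.0.264",
    "ws-04": "13.0.0.270",
    "ws-05": "11.2.202.442",
    "ws-06": "9.0.0.0",
    "ws-07": "unknown",
}
```

Comparing versions as integer tuples rather than strings matters here: as text, "9.0.0.0" sorts after "16.0.0.296".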

  4. #4

    Flash 0-Day in-the-wild ...

    FYI...

    FIX: https://forums.spybot.info/showthrea...637#post466637
    ___

    Flash 0-Day used in Pawn Storm...
    >> http://blog.trendmicro.com/trendlabs...torm-campaign/
    Oct 13, 2015 - "... the attackers behind Pawn Storm[1] are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day* we’ve seen in the last couple of years... Based on our analysis, the Flash zero-day affects at least Adobe Flash Player versions 19.0.0.185 and 19.0.0.207... We have notified Adobe about our discovery and are working with them to address this security concern. Updates to this entry will be made once more information is available."

    'Suggest Flash be -disabled- immediately until a new fix/release from Adobe is available...

    * 'Suggest Java be disabled, too. Next scheduled release of Java update due 10.20.2015.
    - https://community.qualys.com/blogs/l...y-october-2015
    Oct 13, 2015 - "... Oracle will have their CPU later this month, on the 20th..."

    [1] https://www.trendmicro.com/vinfo/us/...orm-fast-facts
    ___

    >> https://helpx.adobe.com/security/pro...apsa15-05.html
    Oct 14, 2015 - "... A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
    UPDATE: Adobe expects updates to be available as early as October 16."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-7645
    10/15/2015 - "... as exploited in the wild in October 2015."

    Last edited by AplusWebMaster; 2015-10-16 at 21:14.

  5. #5

    Flash 0-day in-the-Wild - fix available

    FYI...

    Adobe Flash 0-day (CVE-2016-1019) in-the-Wild - Exploit Kits delivering Ransomware
    - http://blog.trendmicro.com/trendlabs...n-exploit-kit/
    April 7, 2016 - "... Trend Micro has observed active zero day attacks from the Magnitude Exploit Kit affecting users of Flash 20.0.0.306 and earlier. These attacks are not effective against users of Flash versions 21.0.0.182 and 21.0.0.197. This is because of a heap mitigation that Adobe introduced in version 21.0.0.182 and is also present in version 21.0.0.197. Users of these versions will only experience a crash in Adobe Flash when attacks attempt to exploit the vulnerability. All users are highly recommended to immediately update their systems with the latest security fix* as this is actively being exploited in the wild. Prior to today’s security fix, we observed the exploit kit already integrating this vulnerability in its arsenal, which leaves systems infected with ransomware..."
    * https://helpx.adobe.com/security/pro...apsb16-10.html

    >> https://forums.spybot.info/showthrea...863#post469863

    - https://atlas.arbor.net/briefs/index#-169418222
    April 07, 2016 21:52

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-1019
    Last revised: 04/07/2016
    10.0 HIGH
    "Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016."

    Last edited by AplusWebMaster; 2016-04-08 at 18:23.
