New Adobe Flash Zero-Day found in the Wild


23 replies to this topic

#1 NickAu


Posted 21 January 2015 - 09:06 PM


 

Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin.

We immediately got our hands on this new Zero-Day (thanks Kafeine) and were able to replay it as well with the goal of testing our Anti-Exploit product:

 

On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host.

https://blog.malwarebytes.org/exploits-2/2015/01/new-adobe-flash-zero-day-found-in-the-wild/


Edited by NickAu, 21 January 2015 - 09:08 PM.



 


#2 Nikhil_CV


Posted 21 January 2015 - 09:44 PM

Another reason why I shouldn't go back to Adobe Flash Player.
Regards: CV
There is no ONE TOUCH key to security!
Be alert and vigilant....!
Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
Questions are to be asked, it helps you, me and others. Knowledge is power, only when it's shared to others.
signature contents © cv and Someone.......

#3 rp88


Posted 22 January 2015 - 01:25 PM

When can we expect an update patched version of adobe flash player released to fix this? Advice to everyone: Make sure to keep Adobe Flash Player either disabled or "click to play"; it's good for security and it speeds up times for pages to load.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 quietman7


Posted 22 January 2015 - 06:22 PM

Surpassing Java as the most exploited plugin...that's an accomplishment no vendor should want.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 1PW


Posted 23 January 2015 - 08:58 AM

When can we expect an update patched version of adobe flash player released to fix this?

...next week.
 
As mentioned above, the 0-day exploit in question is the Angler EK, and if you have already installed Malwarebytes Anti-Exploit (MBAE) your systems are more than adequately protected against this exploit.
 
Reference: http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
 
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
 
http://blogs.adobe.com/psirt/?p=1160

Edited by 1PW, 23 January 2015 - 09:12 AM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#6 rp88


Posted 23 January 2015 - 07:12 PM

I think the fix might have been released already, my flash player plugin (for firefox) updated itself late last night to version 16.0.0.287 and today/yesterday microsoft released an update kb3033408.


http://support.microsoft.com/kb/3033408

I would find it surprising for those updates to be released on those dates if they were not for solving this vulnerability. Microsoft has released this update on a day that wasn't a Tuesday, so if not to fix this I can't see why they would release on that date.

Edited by rp88, 23 January 2015 - 07:14 PM.


#7 quietman7


Posted 23 January 2015 - 07:30 PM

I think the fix might have been released already...

The updates were released the morning of January 22.

#8 NickAu


Posted 25 January 2015 - 04:19 PM

 

PATCH FOR SECOND ZERO-DAY
Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability, tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week.
 
The vulnerability is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory. The company defines CVE-2015-0311 as "critical," which means that "the vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
 
DRIVE-BY-DOWNLOAD ATTACKS
In case of a "drive-by-download" attack, an attacker downloads a malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw could allow remote attackers to take control of victims’ Macs or PCs.
 
According to the tests carried out by the security researcher, CVE-2015-0311 affected all versions of Flash Player included in any version of Windows operating system, any version of Internet Explorer (IE) and Mozilla Firefox as well. However, the Google Chrome users were safe as the exploit was not triggered on Chrome.
 
AFFECTED SOFTWARE VERSIONS
 
  • Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 13.0.0.262 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.438 and earlier versions for Linux

Adobe patches 2nd Flash Player Zero-day Vulnerability
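
A version check built from the affected-version list in the post above, as an added example (not part of the thread or of Adobe's advisory). It assumes the 13.x ceiling applies on any platform, since the post names none; the host names and the `.999` versions in the inventory are constructed sample data.

```python
import re

# Ceilings copied from the "AFFECTED SOFTWARE VERSIONS" list in the post above.
DESKTOP_MAX = (16, 0, 0, 287)   # Windows and Macintosh
BRANCH13_MAX = (13, 0, 0, 262)  # 13.x versions
LINUX_MAX = (11, 2, 202, 438)   # Linux


def parse_version(text):
    """Turn '16.0.0.287' or '16,0,0,287' into a 4-tuple of ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(platform, version_text):
    """True if the version falls inside a range the post lists as affected."""
    version = parse_version(version_text)
    if version[0] == 13:
        # The 13.x branch has its own ceiling. Comparing it against the
        # 16.x ceiling would flag every 13.x build, patched or not.
        # Assumption: applied regardless of platform.
        return version <= BRANCH13_MAX
    platform = platform.lower()
    if platform == "linux":
        return version <= LINUX_MAX
    if platform in ("windows", "macintosh"):
        return version <= DESKTOP_MAX
    raise ValueError(f"unknown platform: {platform!r}")


# Constructed inventory: (host, platform, reported Flash version).
INVENTORY = [
    ("ws-01", "windows", "16.0.0.287"),
    ("ws-02", "windows", "16.0.0.296"),    # version reported later in the thread
    ("ws-03", "windows", "13,0,0,262"),
    ("mac-01", "macintosh", "13.0.0.999"),  # constructed: above the 13.x ceiling
    ("lx-01", "linux", "11.2.202.438"),
    ("lx-02", "linux", "11.2.202.999"),    # constructed: above the Linux ceiling
]


def audit(inventory):
    """Return the hosts whose Flash version is in an affected range."""
    return [host for host, plat, ver in inventory if is_affected(plat, ver)]


if __name__ == "__main__":
    print(audit(INVENTORY))
```
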



#9 quietman7


Posted 25 January 2015 - 04:29 PM

And that's why we have...

Occupy Flash...The movement to rid the world of the Flash Player plugin

#10 1PW


Posted 25 January 2015 - 04:55 PM

And that's why we also need...

 

Occupy Java

 

I apologize to all if this starts a flame war.

 

The devil made me do this...




#11 NickAu


Posted 25 January 2015 - 04:59 PM

And can we also have
Occupy Microsoft

Nobody made me do it.

Edited by NickAu, 25 January 2015 - 04:59 PM.


#12 rp88


Posted 25 January 2015 - 06:39 PM

Looks like Flash on my machine has updated itself to solve this. It was running in Task Manager for some reason earlier today and I guess that must have been when it updated. Flash seems to be version 16.0.0.296 now. That Windows update then, for Flash, KB3033408: did that solve the EARLIER vulnerability that Flash updated to 16.0.0.287 to protect against? Or was that Windows update already solving THIS Flash vulnerability? Are we going to be getting another Windows update to replace KB3033408 or something along those lines?

#13 quietman7


Posted 25 January 2015 - 06:49 PM

v16.0.0.296 was the latest release this morning.



#14 NickAu


Posted 25 January 2015 - 06:55 PM

I notice there were updates for Linux Flash this morning also.



#15 NickAu


Posted 26 January 2015 - 03:17 PM

 

Adobe Systems is once again rolling out an emergency Flash update that patches a critical vulnerability under active attack to compromise the computers of unsuspecting users.

The latest Flash versions fix a remote code-execution bug that, as Ars reported last week, recently came under attack in the Angler exploit kit. Malware purveyors and other types of online crooks use such kits to seed compromised websites with attack code. Once people visit the sites with vulnerable computers, the booby-trapped pages surreptitiously exploit the vulnerabilities and install backdoors that can be used to log keystrokes, steal passwords, and install new pieces of malware at will.

The tooth gnashing you hear is from Flash users installing a new 0day patch



