
New Zero-day hole for latest Adobe Flash Player


65 replies to this topic

#1 JohnC_21


Posted 02 February 2015 - 10:04 PM

 
Summary

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. 

Adobe expects to release an update for Flash Player during the week of February 2.

 

 

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html





#2 JohnnyJammer


Posted 02 February 2015 - 10:26 PM

I will be having a meeting to discuss removing this off all machines in the LAN from the powers that be at work, I'm personally getting sick of the constant patching that takes up time.

This is the new Java and it's time to say "You are the weakest link....... Good Bye"


Edited by JohnnyJammer, 02 February 2015 - 10:27 PM.


#3 rp88


Posted 03 February 2015 - 09:35 AM

Removing Flash? Perhaps better to just set it to "click to play" or "ask to activate" (depending on browser) and then remove IE and Chrome and install Firefox with NoScript, that way you can still have Flash when needed but it won't run at any other time. I'm sure the users in whichever organisation you work for can learn to use the web with one or two more "allow example.com" clicks.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Didier Stevens


Posted 03 February 2015 - 02:13 PM

There are business applications that only work with IE. Not with Chrome or Firefox. So for most companies, removing IE is not an option.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 dinodod


Posted 03 February 2015 - 04:21 PM

I will be having a meeting to discuss removing this off all machines in the LAN from the powers that be at work, I'm personally getting sick of the constant patching that takes up time.

This is the new Java and it's time to say "You are the weakest link....... Good Bye"

 

All software needs patching, this is nothing special.  HTML5 will be the 'next' Java you know.  If you have the right tools in place, patching software is easy.  


Essential Tools for safe computing

https://sites.google.com/site/dinodod/pc-standards

 

Please leave a comment on anything relative and help me expand on it.

 


#6 JohnnyJammer


Posted 03 February 2015 - 05:39 PM

I have written applications that rely on IE control so removing IE is definitely not an option.

I'm just getting sick of having to push out new updates in what appears to be every few days to a week with Flash lately.

Problem is a lot of council websites rely on Flash and they also have many induction sites for Flash as well.

I removed all Java except for one server and we have managed just fine.


Edited by JohnnyJammer, 03 February 2015 - 05:40 PM.


#7 Aura


Posted 03 February 2015 - 09:13 PM

There are business applications that only work with IE. Not with Chrome or Firefox. So for most companies, removing IE is not an option.


Sigh, sadly I know exactly what you're talking about since I work for one of these companies. At least now we are allowed to update our Java whenever a new version is being released. Yet we are still stuck with Adobe Flash Player 11 or 13 I think. Talk about a huge security hole. I can't even imagine the number of exploits that exist between this version and the current one. It's just a matter of time before an employee gets hit by an Exploit Kit and that we get stuck with a Cryptoware on our hands. The day it'll happen, I'll go see our Security team and tell them "I told you it would happen eventually".

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 JohnnyJammer


Posted 03 February 2015 - 10:27 PM

Whoever is running your network, Aura, should be sacked ASAP.

That's just asking for trouble.



#9 Aura


Posted 03 February 2015 - 10:29 PM

If only you knew... I'm going to work tomorrow, if I remember it, I'll make you a list of all the outdated software we use as well as the current setup that could be exploited by malware. I know that security is taken very seriously there but only access wise and not infection, malware wise which could end up costing the company a lot.



#10 1PW


Posted 04 February 2015 - 03:36 AM

MBAE has been/is now/and will stop the HanJuan EK till Adobe releases their next Flash Player patch for CVE-2015-0313.

 

https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-66#post-2455785

 

EDIT: Just as I unknowingly posted the erroneous link, my ISP failed in my section of my community for about 3.5 hours. No prior notice was given by my ISP and now my WAN address is new. It's one of the big providers that we love to hate.

 

I sincerely apologize for the confusion that followed.


Edited by 1PW, 04 February 2015 - 06:43 AM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#11 Sintharius


Posted 04 February 2015 - 03:50 AM

MBAE can/will stop the HanJuan EK till Adobe releases their next Flash Player patch for CVE-2015-0313.

Mod Edit by quietman7: Removed bad link.

Why are you linking to a spam post in the Malwarebytes forum?

But yes, MBAE will help mitigate these kinds of things. I play a Facebook game, so using NoScript or removing Flash is not an option - it'll break my game. Instead I have to rely on MBAE and safe surfing to keep me safe.

Regards,
Alex

#12 quietman7


Posted 04 February 2015 - 06:06 AM

Why are you linking to a spam post in the Malwarebytes forum?

Most likely just a bad link...I'm sure it wasn't intentional.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 Aura


Posted 04 February 2015 - 06:24 AM

MBAE can/will stop the HanJuan EK till Adobe releases their next Flash Player patch for CVE-2015-0313.
Mod Edit by quietman7: Removed bad link.

Why are you linking to a spam post in the Malwarebytes forum?

But yes, MBAE will help mitigate these kinds of things. I play a Facebook game, so using NoScript or removing Flash is not an option - it'll break my game. Instead I have to rely on MBAE and safe surfing to keep me safe.

Regards,
Alex

 
Facebook games still using Adobe Flash, maybe one day they'll realize how "bad" it is and they'll change engine, who knows.



#14 1PW


Posted 04 February 2015 - 06:42 AM

I've edited post #10 now that my ISP has restored Internet service...

 

I apologize to all.

 

Thank you.


Edited by 1PW, 04 February 2015 - 06:43 AM.



#15 Sintharius


Posted 04 February 2015 - 06:53 AM

quietman7, can you remove the bad link in my post? It got canned already by the MBAM staff anyway.



