
Attackers are actively using a 0-day vulnerability in Flash Player for cyber attacks

Yesterday we published information about a new, very dangerous vulnerability in Adobe Flash Player (Hacking Team RCE Flash Player 0day), which attackers can use to remotely execute code and install malware through all popular browsers, including MS IE, MS Edge (Windows 10), Google Chrome, Opera and Mozilla Firefox; the exploit also supports Apple OS X. We also noted that attackers could take advantage of this vulnerability for their own purposes. Our prediction has been fully confirmed: the authors of the most widespread exploit kits have already added it to their arsenal and are using it in drive-by download attacks.



Adobe yesterday released security advisory APSA15-03, which states that the vulnerability has been assigned the identifier CVE-2015-5119 and that it affects Flash Player on Windows, Linux and OS X. Adobe also announced the release date of the fix: July 8, i.e. today.
Our antivirus products detect exploits for this vulnerability as SWF/Exploit.Agent.IG and SWF/Exploit.ExKit.AX. The exploit can also be blocked with EMET, which we have written about many times before.

An exploit for CVE-2015-5119 has been added to at least the Angler, Neutrino and Nuclear Pack exploit kits. According to exploit-kit researcher Kafeine, they distribute several modifications of the exploit with the following SHA256 hashes.

SHA256: aff5d2b970882786538199553112edbfe6f14e945374aa88cac6d34bec8760ca
www.virustotal.com/file/aff5d2b970882786538199553112edbfe6f14e945374aa88cac6d34bec8760ca/analysis/1436307118

SHA256: 4464720e2a849f42c7ed827901330bb2fa7d219c22e57d96db894013810705d8
www.virustotal.com/file/4464720e2a849f42c7ed827901330bb2fa7d219c22e57d96db894013810705d8/analysis/1436309989

SHA256: 7b7141d59d4e07f7f958acac137ccfec105d046732de65e128a07bbf5f0a0baa
www.virustotal.com/file/7b7141d59d4e07f7f958acac137ccfec105d046732de65e128a07bbf5f0a0baa/analysis/1436310916
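The three hashes above are exact-match indicators, so a simple scanner can sweep browser cache and temp directories for them. The script below is an added example, not part of the original post or of any ESET product: it hashes every file under a directory, reports files whose SHA256 is in the indicator set, and separately lists every file that carries a SWF signature (FWS, CWS or ZWS), because exploit-kit authors re-pack their SWFs and a hash match alone will miss the next variant. The sample directory it builds in demo() is constructed on the fly and contains no real exploit.

```python
import hashlib
import os
import tempfile

# SHA256 hashes of the CVE-2015-5119 exploit SWFs listed in the post above.
CVE_2015_5119_SHA256 = {
    "aff5d2b970882786538199553112edbfe6f14e945374aa88cac6d34bec8760ca",
    "4464720e2a849f42c7ed827901330bb2fa7d219c22e57d96db894013810705d8",
    "7b7141d59d4e07f7f958acac137ccfec105d046732de65e128a07bbf5f0a0baa",
}

# A SWF file starts with one of three signatures: uncompressed (FWS),
# zlib-compressed (CWS) or LZMA-compressed (ZWS).
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file through SHA256 so large caches do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_swf(path):
    """Identify Flash content by signature, not by extension: EKs serve SWFs under any name."""
    with open(path, "rb") as f:
        return f.read(3) in SWF_MAGICS


def scan_dir(root, iocs=CVE_2015_5119_SHA256):
    """Walk root and return (hits, swfs).

    hits: list of (path, sha256) whose hash is in the indicator set.
    swfs: list of every SWF found, for manual review regardless of hash.
    """
    hits, swfs = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of_file(path)
                swf = is_swf(path)
            except OSError:
                continue  # unreadable/locked file; skip rather than abort the sweep
            if digest in iocs:
                hits.append((path, digest))
            if swf:
                swfs.append(path)
    return sorted(hits), sorted(swfs)


def demo():
    """Constructed sample: one fake zlib-SWF header and one text file in a temp dir.

    The fake SWF's own hash is added to the indicator set so the run shows
    both a hash hit and a signature hit. Returns (number of hits, number of SWFs).
    """
    with tempfile.TemporaryDirectory() as d:
        fake_swf = os.path.join(d, "cache", "ad.swf")
        os.makedirs(os.path.dirname(fake_swf))
        with open(fake_swf, "wb") as f:
            f.write(b"CWS\x0f" + b"\x00" * 64)  # constructed header, not real exploit data
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("not a flash file\n")
        iocs = CVE_2015_5119_SHA256 | {sha256_of_file(fake_swf)}
        hits, swfs = scan_dir(d, iocs)
        return len(hits), len(swfs)


if __name__ == "__main__":
    print(demo())
```

Point scan_dir at the Flash Player cache, the browser cache and the user's temp directory; treat any hash hit as a confirmed exploit delivery and any SWF that the user did not knowingly download as a candidate for submission to the vendor, since the listed hashes cover only the variants seen so far.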

It should also be noted that a working 0-day LPE exploit for a fully patched Windows 8.1 (atmfd.dll, also from the Hacking Team archive), which attackers can use to elevate privileges in malware or to bypass the IE sandbox, has already started circulating on the network.

We strongly recommend that users disable Flash Player in their browser until Adobe releases the fix. Instructions for doing so can be found here.

UPD: the vulnerability has been closed by update APSB15-16.
helpx.adobe.com/security/products/flash-player/apsb15-16.html

Be secure.

Source: https://habr.com/ru/post/262061/
