Recently Fixed Flash Player Zero-Day Used to Deliver Ransomware

starbuck



Less than a week after Adobe rolled out a patch for a zero-day vulnerability in Flash Player that was exploited in the wild by a cyber-espionage group, malware researchers found it was leveraged by cybercriminals for purely financial purposes, infecting computers with CryptoWall ransomware.

The latest version of Flash Player, 18.0.0.194, which has been available since June 23, is the result of an emergency update that fixes a heap buffer overflow (CVE-2015-3113).

Security researchers at FireEye reported the glitch to the developer and found that Chinese threat actor APT3 was already taking advantage of it to spy on organizations in multiple sectors: aerospace and defense, construction and engineering, high tech, telecommunications and transportation.

Interestingly, only four days after the public patch, independent security researcher Kafeine spotted the exploit in a cybercriminal browser-based attack tool called Magnitude exploit kit.

In a blog post on Sunday, Kafeine explained that Magnitude’s final payload was the infamous CryptoWall ransomware, and that malicious SWF and FLV files were used in the process.

In a separate analysis, Jerome Segura of Malwarebytes confirmed the use of a “booby trapped SWF, followed by a malicious FLV (Flash Video) file.”

Audio codec problem at the root of two vulnerabilities

It is unclear how the cybercriminals managed to develop an exploit for CVE-2015-3113 this fast, but such a quick undertaking has been recorded in the past with other Flash vulnerabilities.

In this case, it appears that the ground for creating the malicious code was already laid by another security flaw, CVE-2015-3043, repaired by Adobe in April, which was also being leveraged in the wild at the time the patch was released.

Referring to the same root cause for the two flaws, Segura says that Flash Player is “a hacker’s favorite due to its huge user base and reusable security flaws.
Indeed, attackers have the advantage as they can refactor an exploit to bypass a previous patch that didn’t completely address an insecure or complex coding implementation.”


Source:
http://news.softpedia.com/news/rece...o-day-used-to-deliver-ransomware-485522.shtml
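As an added example, not code from the article or from anyone in this thread: the attack chain above relied on a booby-trapped SWF followed by a malicious FLV, and neither file type is reliably identified by extension or Content-Type on the wire. This Python helper identifies SWF and FLV content from the header bytes alone (and, for zlib-compressed CWS files, checks that the body actually inflates to the declared length), which is the kind of check a defender would run over files pulled from a proxy capture. All sample inputs are constructed here.

```python
"""Triage helper: identify Flash SWF / FLV content by header bytes.

Added example, not from the article or the thread. Sample inputs below
are constructed, not taken from any real campaign.
"""
import struct
import zlib
from typing import Optional

# SWF files start with one of three signatures; the fourth byte is the
# Flash version and bytes 4..8 hold the *uncompressed* length (LE uint32).
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}


def identify_flash(data: bytes) -> Optional[dict]:
    """Return header details for SWF or FLV data, or None if it is neither."""
    if len(data) < 9:
        return None
    sig = data[:3]
    if sig in SWF_SIGNATURES:
        declared_len = struct.unpack("<I", data[4:8])[0]
        info = {"type": "swf", "compression": SWF_SIGNATURES[sig],
                "version": data[3], "declared_length": declared_len}
        if sig == b"CWS":
            # Everything after the 8-byte header is a zlib stream; a body
            # that fails to inflate, or whose size disagrees with the
            # declared length, is itself worth flagging for a closer look.
            try:
                body = zlib.decompress(data[8:])
                info["body_ok"] = (len(body) + 8 == declared_len)
            except zlib.error:
                info["body_ok"] = False
        return info
    if sig == b"FLV" and data[3] == 1:
        flags = data[4]                                   # bit 2 audio, bit 0 video
        header_len = struct.unpack(">I", data[5:9])[0]    # big-endian, normally 9
        return {"type": "flv", "has_audio": bool(flags & 4),
                "has_video": bool(flags & 1), "header_length": header_len}
    return None


def constructed_cws(version: int = 11, body: bytes = b"\x00" * 24) -> bytes:
    """Constructed sample: a CWS header wrapping a zlib-compressed body."""
    return b"CWS" + bytes([version]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)


# Constructed sample: FLV header (version 1, audio+video flags, 9-byte header).
FLV_SAMPLE = b"FLV\x01\x05" + struct.pack(">I", 9) + struct.pack(">I", 0)
```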
 
This is why I stopped using Flash Player a couple of years ago. It has proved to be the single most vulnerable piece of software ever made.
 
What do you use instead of flash player?

How do I get rid of flash player?
Most video sites use an HTML5 player to render videos. I used Add/Remove Programs and uninstalled it. So far I haven't had any problems with any video site.

At YouTube you have to adjust your settings to use HTML5 instead of Flash, although it will auto-detect that you don't have Flash installed.
 
Having Flash installed isn't really a problem in itself; it is only when you get caught on a hacked video website or click to play a malware-loaded video that you get the problems.
As Bob said though, YouTube stopped using the Flash player and went over to the HTML5 player, which works well in Firefox and most other up-to-date browsers, including IE11.
It won't be long before other video hosting sites move to HTML5, so Flash Player will basically become redundant anyway.
 