Flash 0-Day Exploit Used by Angler Exploit Kit
The "Angler" exploit kit is a tool frequently used in drive-by download attacks to probe the browser for different vulnerabilities, and then exploit them to install malware. The exploit kit is very flexible and new exploits are added to it constantly.
However, the blog post referenced below [1] shows how this exploit kit is currently using an unpatched Flash 0-day to install malware. Current versions of Windows (e.g. Windows 8 + IE 10) appear to be vulnerable. Windows 8.1 and Google Chrome do not appear to be vulnerable.
This is still a developing story, but typically we see these exploits more in targeted attacks, not in widely used exploit kits. This flaw could affect a large number of users very quickly. Please refer to the original blog for details.
[1] http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
Comments
Update: "... tested it against the free version of Malwarebytes Anti Exploit* (a product from one of my customers). That stopped it. Well done!..."
* https://www.malwarebytes.org/antiexploit/
Anonymous
Jan 21st 2015
9 years ago
https://technet.microsoft.com/en-us/library/dn761713.aspx https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml
It's sleep time here, but anyone else want to take a stab?
Anonymous
Jan 22nd 2015
9 years ago
Jan 22, 2015 - "... Chrome’s version of the Flash Player plugin is sandboxed, mitigating potential effects to end users. Firefox is also immune to this threat..."
Geographic distribution of users affected by Angler
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/01/Geographic-Distribution-of-Users-Affected-by-Angler-01.jpg
Anonymous
Jan 22nd 2015
9 years ago
Pps
Presumably the chrome pepper flash plugin is harder to exploit (and is possibly partially sandboxed, and if I recall correctly auto updates without chrome having to necessarily)
Anonymous
Jan 22nd 2015
9 years ago
http://www.chromium.org/administrators/policy-list-3 | DefaultPluginsSetting=3 (click to play) | PluginsAllowedForUrls
>if I recall correctly [chrome] auto updates [the flash plugin] without chrome having to necessarily
to correct myself, that's probably incorrect (chrome sys update, not just the flash plugin itself)
https://support.google.com/chrome/answer/108086?hl=en
in any case I digress, given >Chrome’s version of the Flash Player plugin is sandboxed, mitigating potential effects to end users.
Anonymous
Jan 22nd 2015
9 years ago
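The click-to-play policy named in the comment above, as an added example that is not part of the original thread: a Python check of a Chrome managed-policy JSON document for `DefaultPluginsSetting` and `PluginsAllowedForUrls`. The value meanings (1 = allow, 2 = block, 3 = click to play) follow the Chromium policy list of that era; the sample policies and the `intranet.example` host are constructed.

```python
import json

# DefaultPluginsSetting values from the Chromium policy list of that era.
PLUGIN_SETTING = {1: "allow all", 2: "block all", 3: "click to play"}


def audit_plugin_policy(policy_json):
    """Return a list of findings for a Chrome managed-policy JSON string."""
    policy = json.loads(policy_json)
    findings = []

    setting = policy.get("DefaultPluginsSetting")
    if setting is None:
        findings.append("DefaultPluginsSetting not set: users control plugin behaviour")
    elif setting not in PLUGIN_SETTING:
        findings.append(f"DefaultPluginsSetting={setting!r} is not a known value")
    elif setting == 1:
        findings.append("DefaultPluginsSetting=1: plugins run automatically on every site")

    # An allow-list entry lets plugins run without a click on matching pages,
    # so each pattern should name one trusted host over https.
    for pattern in policy.get("PluginsAllowedForUrls", []):
        scheme, sep, rest = pattern.partition("://")
        host = (rest if sep else pattern).split("/")[0]
        if host in ("", "*") or host.startswith("[*.]"):
            findings.append(f"PluginsAllowedForUrls entry {pattern!r} uses a host wildcard")
        elif not sep or scheme != "https":
            findings.append(f"PluginsAllowedForUrls entry {pattern!r} is not https-only")
    return findings


# Constructed sample policies (not taken from the page).
WEAK = '{"DefaultPluginsSetting": 1, "PluginsAllowedForUrls": ["*", "http://intranet.example"]}'
HARDENED = '{"DefaultPluginsSetting": 3, "PluginsAllowedForUrls": ["https://intranet.example"]}'

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_plugin_policy(doc) or "no findings")
```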
The relevant Adobe bulletin can be found at:
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
I have just updated my main Windows 7 SP1 x64 build laptop today and will run a few tests to see if I get any issues.
Anonymous
Jan 22nd 2015
9 years ago
Windows 8.1 32bits, Internet Explorer 11, Flash 16.0.0.257
EMET detected StackPivot mitigation and will close the application: iexplore.exe
Anonymous
Jan 22nd 2015
9 years ago