OOB Adobe patch!

Published: 2015-01-22
Last Updated: 2015-01-22 18:50:08 UTC
by Adrien de Beaupre (Version: 1)
4 comment(s)

Adobe has released an advisory regarding an out of band security update for Flash, APSB15-02 1. It is a fix for CVE-2015-0310, which is reserved but for which there is little additional information at the NIST or Mitre sites. Most likely this is the previously reported 0day 2. There are reports that this vulnerability is actively being exploited, and that it is part of a crimeware kit. This would be a highly recommended patch! If you have the Adobe Flash Player installed apply the update. All versions on all platforms appear to be vulnerable. 

1- http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

2- https://isc.sans.edu/forums/diary/Flash+0Day+Exploit+Used+by+Angler+Exploit+Kit/19213/

Adrien de Beaupré
Intru-shun.ca Inc.
My SANS teaching schedule

4 comment(s)


The Adobe Flash OOB doesn't fix the previously reported 0day (completely). Adobe rates this security update a priority 2 and not 1. In the details of Adobe Security Bulletin APSB15-02 you can read "Additionally, we are investigating reports that a separate exploit for Flash Player and earlier also exists in the wild."

Security researcher Kafeine has found out that the 0-day isn't fixed completely in Adobe Flash version From the three exploits used in Angler Exploit Kit the 1st (CVE-2014-8440) was fixed with APSB14-24 (released on 11-11-2014), the 2nd (CVE-2015-0310) is fixed with APSB15-02 (released today) and a 3rd exploit which isn't fixed yet.

See also http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
Kafeine reports EMET 5.1 blocked the exploit in a superficial, single configuration test:

Windows 8.1 32bits, Internet Explorer 11, Flash

EMET detected StackPivot mitigation and will close the application: iexplore.exe

Not the patch. As above another cve. Unclear if mitigates the EK 0day or not really
A Security Bulletin (APSB15-02) has been published regarding security updates for Adobe Flash Player. These updates address a vulnerability (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player."
'Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Yang Dingning, working with the Chromium Vulnerability Rewards Program, Timo Hirvonen of F-Secure and Kafeine (CVE-2015-0310)'

Diary Archives