Adobe Flash Player zero-days flood the market as Adobe issues patches; update your Flash Player NOW
Over past few days over three zero-days have been discovered in Adobe Flash Player which are being exploited by cybercriminals in the wild. The speed at which the zero-days and vulnerabilities are being made public may even shock the Adobe engineers who are already working overtime to fix the old zero-days already discovered.
Just two days ago a third zero-day was reported which was being exploited by cybercriminals to serve malvertisements to the victims which then go on to install a malware. The vulnerability was discovered by Trend Micro Labs and is being actively exploited in drive-by-download attacks that target systems running Flash Player under Internet Explorer or Mozilla Firefox on Windows 8.1 and below, Adobe said in a security advisory published on Monday.
The vulnerability, which is designated as CVE-2015-0313 affects Flash Player on all supported platforms: Adobe Flash Player 22.214.171.1246 and earlier versions for Windows and Mac OS X; Adobe Flash Player 126.96.36.1994 and earlier 13.x versions; and Adobe Flash Player 188.8.131.520 and earlier versions for Linux.
Yesterday, Trend Micro Labs discovered that the same zero-day vulnerability was being exploited by cybercriminals to infect systems with a dangerous BEDEP malware variant. The discovery was reported on Trend Micro Labs blog by research engineer Alvin Bacani who has stated that hackers began targeting the zero-day within 5 days of its discovery.
“Continuing our analysis of the recent Adobe zero-day exploit, we find that the infection chain does not end with the Flash exploit, detected as SWF_EXPLOIT.MJST. Rather, the exploit downloads and executes malware belonging to the BEDEP family.”
Trend Micro reported uncovering the Flash flaw on 2 February, warning that attackers could target victims with malvertising attacks. While Trend Micro Lab researchers originally believed that the zero-day was being exploited by hackers using the Angler Exploit Kit to send malicious automatic pop-up adverts further research proved that the hackers were infecting the victims with the vicious BEDEP variant.
Bacani has explained on the blog post that BEDEP employs the same malvertising infection tactic, but uses the Hanjuan exploit kit to connect victim machines to a criminal botnet.
“Based on our analysis, the infection chain begins with a site that hosts malvertisements. As the name implies, these are infected online advertisements,” the blog states. “Our recent findings also show that the malware’s main purpose is to turn infected systems into botnets for other malicious intentions. Additionally, BEDEP is known for carrying out advertising fraud routines and downloading additional malware.”
Trend Micro Labs researchers dont know the full scale of this campaign because of the very nature of the BEDEP malware makes tracking the attacks difficult. “The fact that the payloads are encoded can be seen as one way of evading detection. An encoded payload will be difficult to identify when passing through the network layer, or when scanned in any layer in an encoded state,” noted Bacani. “BEDEP initially came undetected and unnoticed due to its heavy encryption and use of Microsoft file properties for its disguise as well as the use of seemingly legitimate export functions,” he added.
It was also reported that video sharing website, Dailymotion was being used to infect its users with malware but Dailymotion has issued a statement saying that it wasn’t affected by the Flash Player zero-day.
“Dailymotion wishes to inform its users that contrary to some reports, a recent Flash vulnerability did not affect any users. Dailymotion monitors the quality of ads delivered on its website through the robust technology of its advertising partners, as well as through partnerships with specialized third-party services. These partners control the overall quality of ads and in particular, the possible presence of malicious software by screening each advertising campaign and creatives that run on all of Dailymotion’s platforms.”
Adobe said the February 5 patch batch addresses 18 CVE-listed vulnerabilities in Adobe Flash Player.
Users and Techworm readers are requested to upgrade their Flash Players as soon as possible. The details of updates are given below :
- Adobe Flash Player for Windows and OS X should be updated to Adobe Flash Player 184.108.40.2065.
- Adobe Flash Player Extended Support Release should be updated to Adobe Flash Player 220.127.116.119.
- Adobe Flash Player for Linux should be updated to Adobe Flash Player 18.104.22.1682.
Google Chrome users please note that your Flash Player along with Internet Explorer in Windows 8/8.1 will be automatically update to version 22.214.171.1245. If you see the following notification in your Firefox, you should immediately press update now.