A newly discovered critical vulnerability in Adobe Flash Player is being exploited in the wild in at least one drive-by download campaign. The Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0313) is currently unpatched and is reported to have been used in attacks against computers running Internet Explorer and Firefox on Windows 8.1 and below.
News of this new vulnerability comes a week after two other vulnerabilities in Flash were found to have been exploited by the Angler exploit kit. The Adobe Flash Player Unspecified Memory Corruption Vulnerability (CVE-2015-0310) and the Adobe Flash Player Unspecified Security Vulnerability (CVE-2015-0311) have since been patched by Adobe. Flash users who applied updates last week remain exposed to this latest vulnerability.
Adobe has said that a patch for the vulnerability will be published this week. The software company said that the issue affects Adobe Flash Player 16.0.0.296 and all earlier versions for both Windows and Mac. Flash Player 13.0.0.264 and earlier 13.x versions are also affected. The vulnerability has been rated as critical due to the prevalence of Flash Player and the fact that it is already being used in the wild. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
The exploit has already been used in a drive-by download campaign that attempts to deliver malware to the victim’s computer through malicious advertising (malvertising). The malicious adverts redirected through a series of sites that eventually led to the exploit code.
Jonathan Omansky, Director Security Response Operations talks about the recent Adobe Flash vulnerabilities in this video and shares some tips on how users can protect themselves against these and other similar threats.
Mitigation
Users who are concerned about this issue can temporarily disable Adobe Flash in the browser by taking the following steps:
Internet Explorer versions 10 and 11
- Open Internet Explorer.
- Click on the “Tools” menu, and then click “Manage add-ons”.
- Under “Show”, select “All add-ons”.
- Select “Shockwave Flash Object” and then click on the disable button.
You can re-enable Adobe Flash by repeating the same process, selecting “Shockwave Flash Object” and then clicking on the disable button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.
Firefox
- Open Firefox.
- Open the browser menu and click “Add-ons”.
- Select the “Plugins” tab.
- Select “Shockwave Flash” and click “Disable”.
You can re-enable Flash by repeating the same process, selecting “Shockwave Flash” and then clicking on the “Enable” button.
Symantec and Norton protection
Antivirus:
Intrusion Prevention System:
Investigation of this issue is ongoing and further updates will be provided in due course.
Update – February 2, 2015:
Adobe has removed Flash Player version 11.x from the list of affected versions. Version 11.x and earlier do not support the functionality affected by CVE-2015-0313.
Update – February 3, 2015:
Symantec has added the following protections:
Update – February 3, 2015:
Symantec has added the following protections:
Update – February 4, 2015:
Adobe has issued the following update:
"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post."
Update – February 12, 2015:
Added video about recent Adobe Flash exploits.