Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash Player which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.
Details of the vulnerability surfaced following a cyberattack against the controversial Italian hackers-for-hire firm Hacking Team. Proof-of-concept code for the exploit of the vulnerability was part of a large cache of internal information leaked by the attackers. Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild. Following its disclosure, it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe.
Analysis by Symantec has confirmed the existence of this vulnerability by replicating the proof-of-concept exploit on the most recent, fully patched version of Adobe Flash Player (18.0.0.194) with Internet Explorer. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.
Symantec regards this vulnerability as critical since it could allow attackers to remotely run code on an affected computer, effectively allowing them to take control of it.
Mitigation
Users who are concerned about this issue can temporarily disable Adobe Flash Player in the browser by taking the following steps:
Internet Explorer versions 10 and 11
- Open Internet Explorer.
- Click on the “Tools” menu, and then click “Manage add-ons”.
- Under “Show”, select “All add-ons”.
- Select “Shockwave Flash Object” and then click on the “Disable” button.
You can reenable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.
Firefox
- Open Firefox.
- Open the browser menu and click “Add-ons”.
- Select the “Plugins” tab.
- Select “Shockwave Flash” and click “Disable”.
You can reenable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.
Chrome
- Type “chrome:plugins” in the address bar to open the page.
- On the Plug-ins page that appears, find the "Flash" listing.
- To disable Adobe Flash Player completely, click the "Disable" link under its name.
- To enable Adobe Flash Player, click the "Enable" link under its name.
Protection
Symantec and Norton products detect the proof-of-concept exploit with the following detections:
Antivirus:
Intrusion prevention system:
References
Update – July 7, 2015:
Adobe has issued a security advisory to address this critical vulnerability (CVE-2015-5119), and confirmed it has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Mac OS X and Linux. Adobe added it is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.