Already used in the wild, exploit affects all OS platforms

Jan 23, 2015 10:00 GMT  ·  By

A recently discovered zero-day vulnerability in Flash Player, currently exploited in the wild, is expected to be removed from the application some time next week.

The flaw has been assigned the CVE identifier CVE-2015-0311 and at the moment it affects all versions of Flash Player on Windows, Mac and Linux. It has been seen to be leveraged by cybercriminals operating the Angler exploit kit, targeting users with Windows operating systems running Internet Explorer and Mozilla Firefox.

All operating system platforms are affected

Exploit kits contain code that takes advantage of security holes in browser plug-ins to foist malware on the machine and compromise it. Generally, some reconnaissance is performed before the exploit code is deployed, consisting of checking which browser is in use and which plug-ins are available, along with their versions.

Adobe released a security bulletin on Thursday saying that “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

Security researcher Kafeine discovered the exploit this week in one instance of the web-based attack tool Angler that was being used to deliver a version of the Bedep malware. While testing, the researcher observed that the threat was being used to perpetrate ad fraud.

Exploit not deployed for Chrome

The particular version of Angler studied by Kafeine includes exploits for three Flash Player vulnerabilities: one takes advantage of CVE-2014-8440, a regular in this type of attack tool; another leverages CVE-2015-0310, which was fixed in yesterday’s release of Flash Player 16.0.0.287; and the third one is still exploiting an unpatched flaw.

The last one is what Adobe is now working to repair. Needless to say, since the flaw affects all operating systems, users should apply the update as soon as it becomes available.

The recommendation from security researchers for mitigating the risk of exposure is to disable the Flash Player component in Internet Explorer and Mozilla Firefox until Adobe releases a safe version.

Kafeine says that the exploit in Angler for CVE-2015-0311 is not triggered if Google Chrome is detected on a target machine. One reason for this may be that Chrome integrates a sturdier sandbox mechanism that isolates the activity in each tab, separating it from the rest of the system.

As such, malware is contained in the Chrome sandbox and cannot break the confinement to reach sensitive PC resources.