Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

I think Adobe should rename their flash -player to PATCH-PLAYER

 

Google Chrome 40.0.2214.93 with Adobe Flash Player v16.0.0.296:
https://www.wilderssecurity.com/threads/chrome-stable-channel-update.355822/page-12#post-2452494

 

Security updates available for Adobe Flash Player (APSB15-03)
January 27, 2015
http://blogs.adobe.com/psirt/?p=1166

 

I think SIEVE-PLAYER is more appropriate. They never will be able to patch all the holes in it.

 

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements

Source:

http://blog.trendmicro.com/trendlab...ash-zero-day-exploit-used-in-malvertisements/

 

https://www.wilderssecurity.com/threads/adobe-security-bulletins.334634/page-7#post-2455084

Hat tip: member ronjor

 

Thanks for heads up.
2 zero day within quite short period!
I feel now Adobe is as if Oracle in several years ago...

 

This is the third zero day that has hit Flash in the last two weeks.

 

Sorry, I missed CVE-2015-0310. Thanks for correction.

 

Feeling smug for having banished Flash from anything that matters to me some while back, anything with access to anything at all. VMs reverting to snapshots are your friend.... No Acrobat either.

It would be interesting to know if Sandboxie trapped this one, I would assume it would, and it would be nice to get confirmation.

 

Is there a way to deactivate Flash in IE11?

This one sounds especially bad.

Thanks to all for notifying the Forum.

 

http://www.zdnet.com/article/protect-yourself-from-flash-attacks-in-internet-explorer/
https://www.youtube.com/watch?v=AD1xNwaaup4

Prevent Adobe Flash Player from running

 

Thanks. Flash disabled in IE and Firefox. Don't miss it so far but it's only been 1 day.

 

Note that the site compromised by the malvertisement does not host the malware; rather, it serves as a redirection trigger:

Here is a nice description of how these exploits work:

https://blog.malwarebytes.org/malve...rk-abused-once-again-in-malvertising-attacks/

This means that if you control your plug-ins per site, if you happen to be bounced around in a redirection exploit, the final site that hosts the malware is not likely to be on your trusted list!

Adobe has a test site where you can verify that a Flash object will not load with Flash not enabled for that site:

https://www.adobe.com/software/flash/about/



Note also that Javascript, which can be controlled, is used to load the Flash (.swf) object:

The Adobe page:

Code:

script type="text/javascript"
var props = new Object();
props.swf = "/swf/software/flash/about/mini_FMA_about_01.swf" 

Espn.com page:

Code:

script type="text/javascript"

swfobject.embedSWF 

----
rich

 

Trend Micro has confirmed that the exploit cannot escape Chrome's sandbox and the payload is unable to affect the system. We already knew that Chrome was safe from this exploit, but this shows that it is the sandbox of Chrome which is saving Chrome users from this. If there was currently a Chrome sandbox bypass then Chrome would be at risk too.

http://blog.trendmicro.com/trendlab...ash-zero-day-exploit-used-in-malvertisements/
- in comment section

And more detail on this exploit: http://blog.trendmicro.com/trendlab...k-at-the-exploit-kit-in-cve-2015-0313-attack/

 

From HanJuan EK fires third Flash Player 0day:

 

Blocking?
=

My question still remains unanswered .........
&
https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-63#post-2450580

 

F-Secure's Timo Hirvonen has confirmed as well that CVE-2015-0313 has been exploited since December 2014 by HanJuan EK.

https://twitter.com/TimoHirvonen