Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

Exploit researcher Kafeine has discovered that Angler EK is exploiting an unpatched (no CVE) vulnerability in the latest version of Flash (16.0.0.257).

Source:

http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

 

As it seems Windows 8.1 + Chrome are not affected.

 

Also interesting to see that these Flash holes are only being exploited in certain browsers. Would it perhaps not work in Opera 12 and 26?

 

Also see:
Exploit Kits: A Fast Growing Threat
http://www.techmeme.com/150121/p44#a150121p44

 

http://www.theregister.co.uk/2015/01/22/angler_ek_exploits_flash_0day/

 

"Punters on Windows 8.1 are safe, along with those using Google Chrome thanks to use of sandboxing.

Those operating other Windows platforms with Internet Explorer versions 10 and below, and some Mozilla Firefox versions, have been confirmed as vulnerable to the exploit."
------------
"The free version of MalwareBytes' Anti-Exploit tool prevented the attack"
=
https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-63#post-2450516
..........

 

Adobe Flash Player 16.0.0.287 all varieties released, I assume this addresses the problem.

 

The Adobe Bulletin Vulnerability identifier: APSB15-02 is now live:

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

 

Also see: via way of Adobe PSIRT Blog -
Security updates available for Adobe Flash Player (APSB15-02)
http://blogs.adobe.com/psirt/?p=1157

 

http://malware.dontneedcoffee.com/
Adobe Releases New Flash Player, No Fix for Zero-Day Exploited by Angler - Softpedia

 

A comment from the link in first post:

 

A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23.

"Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.

From a literary point of view that is one hell of a post Dermot !!!

.... but in terms of technical input on the "Angler " Zero-Day exploit , perhaps a little less satisfying .

But I loved your post anyway ...... and yes , I know , what I've written is probably well " off-topic " .

 

It's not a post, it's his signature.

 

Yes Fleischmann , you are right .... thank you !
I've just been looking at some of his other posts and saw the same thing .
But anyway , they are still very good quotes

 

Zscaler Research: Malvertising leading to Flash Zero Day via Angler Exploit Kit

 

Kafeine has confirmed that EMET 5.1 has stopped this exploit successfully. Hope he continues to include EMET in his regular testing scenarios.

http://4.bp.blogspot.com/-XI8eDjlQrSY/VMFggWEFoUI/AAAAAAAAES4/rMqGfNgM5MM/s1600/2015-01-22_21h37_21.png

 

Thanks for noting this . The link in the first post now mentions this fact.

 

http://blogs.adobe.com/psirt/?p=1160
&
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

 

Adobe gets second Flash zero-day patch ready 2 days early! | Naked Security

 

My PPAPI version updated already. Kudos to Adobe, pushing this out on a Saturday.

 

https://www.wilderssecurity.com/threads/adobe-security-bulletins.334634/page-7#post-2451790

 

Yeah, I still can't get the latest through the main download page, which is giving me 16.0.0.287. I had to use the other Adobe download page which I probably can't link here cause ToS rules. Only then did I get 16,0,0,296 installed.

 

For what it's worth, Chrome users can technically install the PPAPI version that is intended for Chromium users until Google updates Chrome. It installs to SysWOW64/System32 just the same as the plugin version and the binaries are absolutely identical to the ones that Chrome uses. Although Chrome wasn't specifically targeted in this recent exploit kit, it is still technically running a vulnerable version of Flash and so it's still a big question mark.

EDIT: I should mention that once installed, the PPAPI version is picked up automatically in Chrome with no changes needed. You can simply Disable the built-in Chrome PPAPI Flash temporarily until Google updates it. Disable the NPAPI one as well if you've installed the plugin based Flash for Firefox. Go to chrome://plugins and click to open up the details of the different Flash versions that Chrome can use.