
Less than a week after Adobe shipped a patch for a Flash Player zero-day that a cyber-espionage group had been exploiting in the wild, malware researchers found the same vulnerability being used by cybercriminals for purely financial ends: infecting computers with CryptoWall ransomware.

The current Flash Player release, 18.0.0.194, available since June 23, is an emergency update that fixes a heap buffer overflow tracked as CVE-2015-3113.
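The practical follow-up the article implies but does not show is confirming that deployed Flash builds are at or past the fixed release. The Python below is an added example, not code from the article, from Softpedia, or from the researchers it cites. It assumes version strings arrive either in the dotted form browsers display ("18.0.0.194") or in the comma form that ActionScript's Capabilities.version returns ("WIN 18,0,0,194"), and the host inventory it checks is constructed sample data. It covers only the mainline 18.x branch named in the article; it knows nothing about other Flash release branches.

```python
"""Flag Flash Player builds that predate the CVE-2015-3113 fix (18.0.0.194)."""
import re

# Fixed build named in the article (Adobe's June 23, 2015 emergency update).
FIXED_VERSION = "18.0.0.194"


def parse_flash_version(raw: str) -> tuple:
    """Parse the version strings Flash Player reports.

    Accepts the dotted form shown on browser plugin pages ("18.0.0.194") and
    the comma form returned by ActionScript's Capabilities.version
    ("WIN 18,0,0,194").  Returns a 4-tuple of ints so that comparison is
    numeric, not lexicographic ("18.0.0.99" must sort below "18.0.0.194").
    Raises ValueError on anything else.
    """
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised Flash version string: {raw!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_to_cve_2015_3113(raw: str) -> bool:
    """True when the reported build is older than the fixed 18.0.0.194."""
    return parse_flash_version(raw) < parse_flash_version(FIXED_VERSION)


def triage(inventory: dict) -> list:
    """Given {host: version_string}, return the hosts still exposed, sorted.

    A version string that cannot be parsed is treated as unpatched: an
    unknown build is something to investigate, not something to trust.
    """
    exposed = []
    for host, version in inventory.items():
        try:
            if is_vulnerable_to_cve_2015_3113(version):
                exposed.append(host)
        except ValueError:
            exposed.append(host)
    return sorted(exposed)


# Constructed sample inventory for illustration; not real hosts or data.
SAMPLE_INVENTORY = {
    "ws-01": "WIN 18,0,0,194",   # exactly the fixed build
    "ws-02": "18.0.0.160",       # 18.x but before the fix
    "ws-03": "MAC 17,0,0,188",   # older major branch
    "ws-04": "18.0.0.203",       # newer than the fix
    "ws-05": "unknown",          # unparsable, flagged for investigation
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> needs Flash update")
```

The point of converting to integer tuples is that a naive string comparison gets this wrong: "18.0.0.99" sorts above "18.0.0.194" as text, so a patch-compliance report built on string ordering would silently pass a vulnerable build.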

Security researchers at FireEye reported the flaw to Adobe after finding that the Chinese threat actor APT3 was already exploiting it to spy on organizations in several sectors: aerospace and defense, construction and engineering, high tech, telecommunications and transportation.

Notably, only four days after the public patch, independent security researcher Kafeine spotted the exploit in the Magnitude exploit kit, a browser-based attack tool used by cybercriminals.

In a blog post on Sunday, Kafeine explained that Magnitude's final payload was the infamous CryptoWall ransomware, and that malicious SWF and FLV files were used in the infection chain.

In a separate analysis, Jerome Segura of Malwarebytes confirmed the use of a "booby trapped SWF, followed by a malicious FLV (Flash Video) file."

Audio codec problem at the root of two vulnerabilities

It is unclear how the cybercriminals developed an exploit for CVE-2015-3113 this quickly, but such rapid turnaround has been seen before with other Flash vulnerabilities.

In this case, the groundwork for the malicious code appears to have been laid by an earlier flaw, CVE-2015-3043, which Adobe patched in April and which was also being exploited in the wild when that patch was released.

Referring to the root cause shared by the two flaws, Segura says that Flash Player is "a hacker's favorite due to its huge user base and reusable security flaws. Indeed, attackers have the advantage as they can refactor an exploit to bypass a previous patch that didn't completely address an insecure or complex coding implementation."

Source:

http://news.softpedia.com/news/recently-fixed-flash-player-zero-day-used-to-deliver-ransomware-485522.shtml
