An exploit kit known as Angler is targeting a previously unseen flaw in the latest version of Flash Player, which Adobe only updated a week ago.
It may be time for Windows users to disable the Flash Player browser plugin, according to researcher “kafeine”, who reported today that the Angler exploit kit is targeting a newly discovered flaw in the media player.
Since Adobe doesn’t have a fix for the flaw, the malware researcher suggests “disabling Flash Player for some days might be a good idea”.
The latest version of Flash for Windows and Mac — the one that is under attack — is version 18.104.22.1687. The attack comes just one week after Adobe fixed nine flaws in Flash Player, including seven that were remotely exploitable.
Angler is one of a handful of “exploit kits” that contain multiple remote attacks for flaws in widely used products such as Flash, Java and PDF readers like Adobe Reader.
While exploits for flaws that have been patched by affected vendors are run-of-the-mill for these kits, it’s less common for them to contain attacks for previously unseen or ‘0-day’ flaws. Those flaws are typically discovered after a highly targeted attack.
On the “Malware don’t need Coffee” blog, @kafeine outlined the system configurations for Flash Player 22.214.171.1247 that are so far confirmed to have been successfully exploited. These include Windows XP running Internet Explorer (IE) 6 through to 9, Windows 7 with IE8, and Windows 8 running IE10 with the Windows8-RT-KB3008925-x86 update.
System configurations confirmed to be safe from the attack include the most recently updated version of Windows 8.1 and Chrome.
The researcher was still running tests on other configurations when contacted by CSO Australia but was not able to provide further details.
Adobe has yet to offer official advice for users; however, an Adobe spokesperson told CSO Australia that "we are aware of the report and are investigating".
The most notorious exploit kit in recent years has been Blackhole; however, Cisco noted in its 2015 annual security report that Angler, which uses Flash, Java, IE and Silverlight flaws, was “the one to watch” in 2015.
Kafeine noted that the free version of Malwarebytes Anti-Exploit did manage to stop the exploit.
This article is brought to you by Enex TestLab, content directors for CSO Australia.