Menu
New attacks suggest leeway for patching Flash Player is shrinking

New attacks suggest leeway for patching Flash Player is shrinking

It took one week from Adobe's fix to mass exploitation for a recent Flash Player flaw

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

Researchers from both Malwarebytes and FireEye reported Thursday that drive-by download attacks using the Nuclear Exploit Kit target a vulnerability that was patched last week in Flash Player.

The flaw, which is tracked as CVE-2015-0336, was fixed by Adobe on March 12. It affects all Flash Player versions older than 17.0.0.134 on Windows and Mac, 11.2.202.451 on Linux and 13.0.0.277 ESR (extended support release).

The latest attacks are launched from hacked websites and attempt to install a Trojan program. The cybercriminal group behind the attacks is known as EITest and has distributed an online banking Trojan called Tinba in the past, according to researchers from Malwarebytes.

Exploit kits like Nuclear are attack platforms that incorporate exploits for multiple vulnerabilities in browsers and browser plug-ins like Flash Player, Adobe Reader, Java or Silverlight. They're rented out to multiple cybercriminal groups who then use them in mass attacks.

Earlier this year, two other exploits kits, called Angler and Hanjuan, exploited vulnerabilities in Flash Player that hadn't even been patched by Adobe at the time -- these are known as zero-day vulnerabilities. However, such incidents are rare.

For one, zero-day flaws are valuable commodities on the black market and are generally used in targeted attacks that are meant to fly under the radar for longer periods of time. It doesn't make sense, financially, to incorporate an expensive zero-day exploit into a mass attack tool, because it will be detected and rendered useless fairly quickly.

With few exceptions, exploit kits have historically targeted known and patched vulnerabilities, aiming to infect users who don't frequently update their software. In fact, most of the current exploit kits still incorporate exploits from as far back as 2010, just because they continue to be reliable and have a decent success rate.

However, the short one-week period it took attackers to develop a reliable exploit for CVE-2015-0336 and integrate it into Nuclear EK, could signal a dangerous trend.

Adobe has made significant efforts to keep the Flash Player installed base up to date by having the plug-in automatically updated under Google Chrome and Internet Explorer on Windows 8.x and by offering an automatic update option inside the program. Despite these actions, many users, especially companies, are still falling behind on updates.

In business environments software patches need to be tested first to ensure they don't break established workflows, so automatic updates are typically disabled. IT departments generally deploy updates according to predetermined schedules that are often more than one week apart.

"Such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits," security researchers from Malwarebytes said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementmalwareFireEyepatchesExploits / vulnerabilitiesMalwarebytes

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments