Menu
New attacks suggest leeway for patching Flash Player is shrinking

New attacks suggest leeway for patching Flash Player is shrinking

It took one week from Adobe's fix to mass exploitation for a recent Flash Player flaw

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

Researchers from both Malwarebytes and FireEye reported Thursday that drive-by download attacks using the Nuclear Exploit Kit target a vulnerability that was patched last week in Flash Player.

The flaw, which is tracked as CVE-2015-0336, was fixed by Adobe on March 12. It affects all Flash Player versions older than 17.0.0.134 on Windows and Mac, 11.2.202.451 on Linux and 13.0.0.277 ESR (extended support release).

The latest attacks are launched from hacked websites and attempt to install a Trojan program. The cybercriminal group behind the attacks is known as EITest and has distributed an online banking Trojan called Tinba in the past, according to researchers from Malwarebytes.

Exploit kits like Nuclear are attack platforms that incorporate exploits for multiple vulnerabilities in browsers and browser plug-ins like Flash Player, Adobe Reader, Java or Silverlight. They're rented out to multiple cybercriminal groups who then use them in mass attacks.

Earlier this year, two other exploits kits, called Angler and Hanjuan, exploited vulnerabilities in Flash Player that hadn't even been patched by Adobe at the time -- these are known as zero-day vulnerabilities. However, such incidents are rare.

For one, zero-day flaws are valuable commodities on the black market and are generally used in targeted attacks that are meant to fly under the radar for longer periods of time. It doesn't make sense, financially, to incorporate an expensive zero-day exploit into a mass attack tool, because it will be detected and rendered useless fairly quickly.

With few exceptions, exploit kits have historically targeted known and patched vulnerabilities, aiming to infect users who don't frequently update their software. In fact, most of the current exploit kits still incorporate exploits from as far back as 2010, just because they continue to be reliable and have a decent success rate.

However, the short one-week period it took attackers to develop a reliable exploit for CVE-2015-0336 and integrate it into Nuclear EK, could signal a dangerous trend.

Adobe has made significant efforts to keep the Flash Player installed base up to date by having the plug-in automatically updated under Google Chrome and Internet Explorer on Windows 8.x and by offering an automatic update option inside the program. Despite these actions, many users, especially companies, are still falling behind on updates.

In business environments software patches need to be tested first to ensure they don't break established workflows, so automatic updates are typically disabled. IT departments generally deploy updates according to predetermined schedules that are often more than one week apart.

"Such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits," security researchers from Malwarebytes said.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags patchessecurityFireEyepatch managementMalwarebytesExploits / vulnerabilitiesmalware

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments