Adobe Issues Emergency Flash Player Update, Warns Of Zero-Day Attacks

Adobe Systems issued an update to address a Flash Player zero-day vulnerability being used in widespread attacks delivered through an automated toolkit and warned of another possible zero-day threat.

The company issued a security update Thursday addressing a vulnerability being used to circumvent memory randomization mitigations on the Windows platform. It said that it is still investigating reports of a separate zero-day vulnerability.

The software maker said the emergency update addresses attacks targeting older versions of Flash Player. The attacks are being carried out using the Angler exploit kit, a toolkit that has become more popular since the demise of the Black Hole automated attack toolkit in 2013.

[Related: Critical Adobe Flash Update Indicative Of Unrelenting Web Attacks]

Sponsored post

’Because the attack exploits Adobe Flash, the malicious code will successfully execute in various browsers,’ wrote Ben Hayak, an Israeli-based security researcher at Trustwave’s Spiderlabs research team.

The issue was detected by several researchers and reported through the Chromium Vulnerability Rewards Program. The emergency update impacts users of Flash Player on Windows, Macintosh and Linux.

Angler is one of dozens of popular attack toolkits in the wild. Security researchers at Malwarebytes said the attacks it identified attempt to infect systems to create a botnet that can load multiple payloads. In one instance, the security vendor said the attacks appeared to support a click fraud campaign.

Flash Player and other browser components are still a favorite target of attackers, according to solution providers. It is difficult for organizations to keep the components up to date despite the rollout of automated updates in Google Chrome and Adobe’s own automated update mechanism. Despite the attention drawn to advanced threats and custom malware, organizations need to keep up with vulnerability and configuration management and roll out patches in a timely manner, said Jim Matteo, CEO of San Diego-based solution provider Bird Rock Systems.

’An assessment is paramount to determine the open attack vectors and where else the customer is exposed,’ Matteo told CRN. ’You have take a look at everything and be constantly on guard.’

Flash Player and other popular applications are targeted because they are so widely used, Matteo said. Attack toolkits are often used in broad campaigns, giving attackers the ability to maximize the number of victims in a single campaign. The toolkits are often rented out in hacker forums and offer a subscription-based model that provides software updates and new exploits.

Web-based attacks rose 23 percent in 2013 and were projected to have had a similar increase last year, according to Symantec data. A wide variety of toolkits, including Go1Pack, Styx and Sakura, include exploits targeting flaws in Java, Internet Explorer and Flash, according to the Symantec report.

’The vast majority of infections that occur through Web attack toolkits are spam-relays, compromised websites and malvertisments,’ Symantec said in its 2014 Internet Threat Report. ’None of these techniques are new, pointing again to the fact that age-old techniques continue to reap rewards for attackers.’

Oracle’s Java had the highest number of reported plug-in vulnerabilities in 2013, according to Symantec’s data. Adobe, which has been adding sandboxing technology to Flash, Reader and Acrobat, had not been as impacted possibly due to the protections.