January 27, 2015

Adobe finally patches Flash Player vulnerability used in 0-day exploits

By now, most of you will have heard about the recently discovered Flash Player vulnerabilities being exploited by a crime pack, called the Angler Exploit Kit (Angler EK for short). I wrote a blog article about it on January 22, 2015.

I posted three updates to my article, ending yesterday morning, alerting to an upcoming final patch from Adobe. I also noted that some computers were having the new version pushed to them via the Adobe Flash Player automatic updater (if it was fully enabled). But the rest of the folks who had to update manually were left out of the security update.

That has finally changed today, Tuesday, January 27, 2015. The About Adobe Flash Player page now shows version 16.0.0.296 as the most current version. You should not delay after reading this. Go to that page in each browser installed on your computers and see if those browsers are up to date or not. If not, use the link labeled "Player Download Center" to get the new version for your operating system and browser type.

After updating Flash, it's a good idea to close and restart the browser.

Note:
There are different flavors of Flash for different brands and versions of browsers. Internet Explorer always used an "ActiveX" version (which may have changed or be changing in IE 11 forward). Firefox and Opera use a different version known as a "Plugin." Google Chrome has Flash built right into the architecture of the browser, requiring the browser itself to be updated. That is about to change as a standalone installer has just become available for advanced users of Chrome. People using Mac computers would have to manually install and update Flash, as Apple doesn't support it at all. Linux users also have to manually check for software updates and apply new Flash versions themselves.
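
Added example (not from the original post): because each browser carries its own flavor of Flash, every reading has to be checked separately against the version numbers given in these two posts. The sketch below assumes you have collected the version each browser reports; the host names and readings are constructed sample data.

```python
import re

# Version facts taken from the two posts on this page.
PATCHED = (16, 0, 0, 296)   # version the Jan 27 post lists as fixing the 0-day
PARTIAL = (16, 0, 0, 287)   # Jan 22 release: closes only the related exploit

_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_version(text):
    """Parse '16.0.0.287' or 'WIN 16,0,0,287' into a tuple of ints, else None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map a reported Flash version to an action status."""
    if not version_text:
        return "not installed"
    version = parse_version(version_text)
    if version is None:
        return "unknown, check manually"
    # Tuples compare numerically; as strings, "9.0.124.0" > "16.0.0.296".
    if version >= PATCHED:
        return "patched"
    if version >= PARTIAL:
        return "update: exposed to CVE-2015-0311"
    return "update: exposed to CVE-2015-0311 and the related exploit"


def triage(inventory):
    """Return (host, browser, flavor, status) for every entry needing action."""
    rows = []
    for host, browser, flavor, version_text in inventory:
        status = classify(version_text)
        if status not in ("patched", "not installed"):
            rows.append((host, browser, flavor, status))
    return rows


# Constructed sample inventory (hosts and readings are made up for illustration).
SAMPLE_INVENTORY = [
    ("pc-01", "Internet Explorer", "ActiveX", "16,0,0,257"),
    ("pc-01", "Firefox", "Plugin", "16.0.0.287"),
    ("pc-02", "Firefox", "Plugin", "WIN 16,0,0,296"),
    ("pc-03", "Internet Explorer", "ActiveX", "9.0.124.0"),
    ("mac-01", "Firefox", None, None),
    ("pc-04", "Opera", "Plugin", "n/a"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep=" | ")
```

The status depends only on the version number; the browser and flavor columns are carried along so you know which installer to fetch for each entry.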

Wrap-up:
If you missed the hoopla, read my previous blog article, titled: New Flash Player zero day exploit in the wild.


January 22, 2015

New Flash Player zero day exploit in the wild

There is a brand new Flash Player zero day vulnerability being exploited in the wild, by the so-called "Angler" Exploit Kit. It is being used to silently install the "Bedep" click fraud Trojan. The information about this was first released on Jan 21, 2015, by a security researcher using the moniker: Kafeine.

Early information suggested that only Windows operating system users running Internet Explorer were affected. This was because the criminals who released the exploit used a single wrong line of logic. That mistake was corrected later last night and the exploit now works on the latest version of Firefox as well. Anybody browsing the Web running Internet Explorer or Firefox on the now unsupported Windows XP is totally at risk.

According to Kafeine's research, the attack worked on all versions of Flash up to the then current 16.0.0.257. I say "then current" because this morning I learned that Adobe had released an update to Flash today, January 22, with version number 16.0.0.287. Unfortunately, that new version does not close the vulnerability being exploited by the new Angler attack. It does however close a related exploit and should be applied ASAP. Flash updates are listed on the official Adobe Flash "About Flash" page, which also has a link to the official Adobe Flash Download page. I recommend that all Windows users bookmark these pages and visit them often.

What operating systems and browsers are vulnerable today?

Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled.

What's not affected (yet)?

Google Chrome browsers are neither targeted by name, nor exploited when subjected to the malicious Flash applet.

Update 1, Jan 23, 2015 (Noon EST -0500)
Two days have gone by since the initial release of the information about this zero day exploit and I just checked the Adobe Flash Player "About Flash Player" page and found no new updates. They are still sitting at version 16.0.0.287 (released on the 22nd), which is totally exploitable. All target browsers are still vulnerable.

Update 2, Jan 23, 2015 (12:05PM EST)
I just read this security bulletin on Adobe.com.


A Security Advisory (APSA15-01) has been published regarding a critical vulnerability (CVE-2015-0311) in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.

The above confirms that the zero day Angler Flash exploit attacks are also able to infect Macintosh and Linux computers with Flash installed and enabled to run automatically in the browser being used (except Chrome).

Update 3, Jan 26, 2015
Adobe has silently begun pushing out a patched version of Flash Player to fix the final 0-day vulnerability in this exploit kit campaign. The newest version is 16.0.0.296. However, the only way you will receive it is if you have set your Flash Player advanced options to automatically check for (and install) updates. Running a manual check takes you to the About Flash Player page, where as of 12:30 pm EST the current version was still listed as 16.0.0.287. The new patched version will be made available for manual downloading starting later today and throughout this week.

I also fixed some typos that I missed earlier.

What you can do now to protect your computers from the exploit kit.

  • Disable Flash in Internet Explorer
    1. Open Internet Explorer
    2. Click on the "Tools" menu, and then click "Manage add-ons"
    3. Under "Show", select "All add-ons"
    4. Select "Shockwave Flash Object" and then click on the disable button
  • Disable Flash if you use Firefox
    1. Use either the Firefox Orb/icon on the top left, or the Tools Menu on the Menu Bar, if you have it displayed.
    2. Under Tools, click on Add-Ons. A new tab will open listing your "Plugins" first. If not, click on Plugins on the left sidebar.
    3. Locate Shockwave Flash in the list. Move to the right to the options box and select either Ask to Activate, or Never Activate.
  • Updating Flash on Firefox (and ActiveX versions of Internet Explorer)
    1. Next, click on the blue link over the list of Plugins that says "Click to see if your plugins are up to date."
    2. If you see a notice that your version of Flash is outdated, use the Update button to go to the Adobe Flash Download Center.
    3. Follow the instructions for that browser to update Flash. Note, they automatically opt you into downloading other programs, like McAfee Safety Scan. Under "Optional offer:", uncheck that option, then click Install Now.
    4. While you are at it, go back to the Flash Player Download page and click on the link labeled: "Need Flash Player for a different computer?"
    5. Here you can select your operating system, then click on Version and see if "Internet Explorer - ActiveX" is listed. If so, select it and install the latest version of Flash for Internet Explorer. If IE is not offered, your version is either unsupported or doesn't use ActiveX any more.

If you have set Flash in Firefox to Ask to Activate, any web page with Flash content will display a warning bar over the website asking for your permission to allow such and such to run Adobe Flash. The options on that bar are Continue Blocking or Allow. Note, there are some notices that have a pop-over with two buttons, labeled: Allow Now and Allow and Remember. The browser will remember your choice for that browser (saves it as a preference). You can revoke the permissions by resetting all plugins to Ask or Never Activate.

Make sure that you have Adobe Flash set to automatically check for and install updates. You can do this by opening Control Panel and clicking on the Flash Player link or icon. Go to the Advanced tab and under Updates select: Allow Adobe to install updates (recommended). If you operate with less than Administrator privileges (Always reduce your privileges to the least necessary to use any computer), you'll have to click on the button labeled: Change Update Settings. Set the updates to automatic and save.

Next, move your pointer (or finger) to the Update Now button and press it. This takes you to the About Flash Player page mentioned earlier. If your version is less than the current version, click the download link, as described above. This is especially important for Internet Explorer users, since you are the primary targets. The scripts will offer the appropriate Flash Player for your operating system and version of Internet Explorer.

I'll publish an update to this page once more information is revealed, and when Adobe releases a patched version of Flash Player.

I know someone is bound to ask, so if you use an Apple Mac computer and do not have Flash Player installed (Apple does not install Flash by default), you are currently safe. But, if you do have Flash installed on your Mac, you're at the same risk as the rest of us. In that case, use your web browsers to visit the Flash Player download page and grab the updated version for that browser!

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.
Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.