Adobe Flash has been a favorite target for hackers for years because there are many ways to exploit the platform whereby hackers can install malicious code on the PC including banking Trojans, key loggers and other dangerous malware. Using various drive-by download techniques, hackers are able to bypass security measures within Adobe Flash and patching these vulnerabilities has become a drawn out game of cat and mouse. Adobe patches while hackers find new vulnerabilities and the cycle continues. This is exactly what happened after Adobe released a patch last week.
In fact, it appears that hackers may have gotten the upper hand this time as Adobe has confirmed that a new exploit – based on the Angler exploit kit – was specifically designed to work around the protections built into the latest Flash update. A recent statement from Adobe confirms this vulnerability:
“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,”
Adobe said. “Additionally, we are investigating reports that a separate exploit for Flash Player 18.104.22.1687 and earlier also exists in the wild.” Although many of the details surrounding this exploit are still unknown, security researcher Kafeine recently reported that the Angler exploit kit is being used to target a previously undocumented vulnerability in Flash that works against multiple combinations of Microsoft Windows and Internet Explorer. Hackers using this commercially available crimeware kit are only targeting Windows Flash installations, but it’s worth noting that the same vulnerability patched in Flash’s latest update exists in both Mac and Linux Flash installations as well. The latest Flash update brings Windows and Mac installations to 22.214.171.1247 and Linux installations to version 126.96.36.1998. The fact that a new vulnerability has already been discovered on the heels of Adobe’s latest patch highlights the growing concern about the security of this outdated media player.
As HTML5 becomes increasingly mainstream as an alternative (and much more secure) way to render online video content, the need for Flash will continue to lessen. Until Flash can be phased out completely, however, there are some ways to protect yourself from the continual security threats associated with the media platform. Most notably, enabling the click-to-run feature (available all on all modern browsers except Internet Explorer) disables Flash content (and Java applets) until the content is explicitly clicked on by the user. This protects the machine from drive-by download attacks that would otherwise run in the background of a malicious website.
If you haven’t done so already, you should also install Microsoft’s Enhanced Mitigation Experience Toolkit – a free tool designed to improve the security of third party applications.
Finally, ensure the latest versions of Windows, Flash, and your browser of choice are installed and ensure that antivirus definitions are updated frequently. According to a statement from Adobe, a new patch targeting this latest exploit should be released within the next week or two. Until that occurs, hackers will be leveraging this exploit to maximize profits so exercise caution while online to avoid this threat.