On Monday, Adobe Systems published a security advisory for its Flash Player signaling a major vulnerability that has not yet been patched and could end up being exploited by hackers to infect vulnerable systems with malware.
According to the report, the most exposed users are those using Flash Player with Internet Explorer or Mozilla Firefox on Windows 8.1 or older. However, the flaw also affects Flash Player on Mac OS (Adobe Flash Player 16.0.0.296 or previous versions) and Linux (Adobe Flash Player 11.2.202.440 or older versions).
Security experts from Adobe Systems warned that the vulnerability was the third zero-day flaw in the freeware in the last 30 days. Zero-day vulnerabilities are holes in computer programs that are unknown to their developers and can be easily exploited by hackers. The “zero-day” term means that developers had zero days to fix the issue because no patch was released to address the problem beforehand.
Adobe Systems reassured users that a patch would be released later this week.
The vulnerability was reported to the company by three tech experts, one working for Trend Micro and the other two for Microsoft.
Trend Micro experts reported that the flaw has already been exploited through malvertising on dailymotion.com earlier last month. Malvertising means users get infected with malicious software (or computer viruses) by clicking a malicious advertisement running on a host site.
Peter Pi, a cyber security expert at Trend Micro, explained that the attack was triggered from the advertising platform, not from the Dailymotion site’s content.
“We have been monitoring this attack since January 14, and saw a spike in the hits to the IP [Internet Protocol address] related to the malicious URL around January 27,” Mr. Pi added.
Additionally, most of the infected users visiting the malicious server were located in the U.S.
Flash Player was updated twice over the past couple of weeks in an attempt to fix similar zero-day vulnerabilities that had been exploited by hackers by means of malvertising.
According to the Trend Micro team, hackers used a malicious toolkit named the Angler Exploit Kit to exploit the previous vulnerabilities. Mr. Pi suggested that the same toolkit was used in the latest exploit “due to similarities in obfuscation techniques and infection chains.” But a recent analysis revealed that hackers are using a different toolkit, dubbed the Hanjuan Exploit Kit.
However, regardless of the toolkit used in the attacks, users are advised to enable the click-to-play feature in their browsers, which prevents Flash Player and other plug-ins from automatically running malicious ads without their consent, and to keep their antivirus software updated.