Security Latest Flash Zero-Day Bug Already Part of the Angler and Nuclear Exploit Kits

[vissha]

Latest Flash Zero-Day Bug Already Part of the Angler and Nuclear Exploit Kits

Hackers didn't wait long before exploiting this most recent vulnerability, are now targeting users with Flash 19.0.0.207

A zero-day exploit that Adobe patched two weeks ago is already part of at least two exploit kits, Angler and Nuclear, as security researchers for Malwarebytes have discovered.

The respective zero-day affected all Flash versions 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X, and 11.x through 11.2.202.535 on Linux.

As Adobe described back then, "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."

Trend Micro, the company that discovered the zero-day (CVE-2015-7645), confirmed that the vulnerability was being used in real-life attacks against the ministries of foreign affairs in various countries, by a hacking group with ties to the Russian government, known as Sednit or Operation Pawn Storm.

Now with the zero-days' details available online, other types of cyber-criminals didn't wait too long to integrate it into their own tools.

Malwarebytes, a company specialized in provided cyber-security products, has detected recent versions of the Angler and Nuclear exploit kits actively using this bug in trying to compromise its clients' PCs.

In the past year, Flash has seen more zero-day vulnerabilities than in any other previous years.

Many industry experts have many times advocated for users to disable Flash in their browsers if they don't use it. One of Flash's biggest critics is Alex Stamos, Facebook's Chief Security Officer, which said it was time for Adobe to announce an EOL (End of Life) timeline for its much-maligned application.

Source