Wednesday 14 October 2015

Threat Buckler: Another New Zero Day exploit Hits Adobe Flash Play...

Threat Buckler: Another New Zero Day exploit Hits Adobe Flash Play...: After so much efforts of Adobe Flash Player attackers find a way New Zero-Day exploit Hits Adobe Flash Player.  Flash, attackers fro...
Posted by at No comments:

Another New Zero Day exploit Hits Adobe Flash Player Vulnerability




After so much efforts of Adobe Flash Player attackers find a way New Zero-Day exploit Hits Adobe Flash Player.  Flash, attackers from the Pawn Storm cyber-espionage campaign are exploiting yet another new zero-day in flash so they can surreptitiously install malware on victim computer.


It is advised to uninstall or disable the adobe Flash Player immediately before you will be in trap of hunter.

Fortunately, for the time being, this exploit is only being used against Government agencies and several foreign affairs ministries as part of a long-running espionage campaign carried out by a group known as Pawn Storm.


 Although Adobe has released a new patch yesterday which was having 69 Vulnerabilities out of which 13 was patched in their new Monthly Patch Release. Attackers come up with a new zero-day exploit that leave fully patched Flash Player Vulnerable.
“Based on researcher analysis, the Flash zero-day affects at least Adobe Flash Player versions 19.0.0.185 and 19.0.0.207”.

Flash Zero Day Exploit Flow:




                              

Trend Micro reported:

In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events, with the email subjects containing the following topics:

“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”

It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.

Patch Not Available For Latest  Zero Day Exploit 

As of now no patch available for these Latest Exploit even with latest up-to date installation.
Adobe is working on this latest Flaw to patch.

Till the time being please Uninstall or disable Adobe Flash Player for being safe.

As of now  Google Chrome has also begun blocking auto-playing Flash ads by default.



Posted by at 1 comment:
Subscribe to: Posts (Atom)