Daily Archives: October 15, 2015

Adobe Flash Player Zero Day Vulnerability Exploited In The Wild

Update: 20th October 2015:
Yesterday Microsoft updated their security advisory and issued a Flash Player update (to version 19.0.0.226) for Windows 8.0, Windows RT, Windows 8.1 and Windows 10 users. This update applies to both Microsoft Edge (Windows 10) and Internet Explorer users.

Google Chrome v46.0.2490.71 (Stable, 64 bit) has now also been updated to v19.0.0.226 of Flash Player. This update occurred silently in the background, most likely using Google’s component update feature.

Thank you.

Update: 18th October 2015:
Adobe released Flash Player v19.0.0.226 to address this zero-day issue, as well as 2 other critical CVEs (defined), earlier than expected: on the 16th of October rather than during the week of October 19th.

At the time of writing, this updated Flash Player was not available for users of Windows 8.0, 8.1 and 10 (despite Adobe mentioning the availability of these updates for such users in their security bulletin). Google Chrome v47.0.2526.16 (Beta, 64 bit) has been updated to Flash Player v19.0.0.226, while Google Chrome v46.0.2490.71 (Stable, 64 bit) remains at version v19.0.0.207.

I will update this post when these updates become more widespread.

Thank you.

Original Post:
An organized group of malicious hackers known as Pawn Storm are exploiting a zero day (defined) security vulnerability in Adobe Flash Player. At this time, there is no update available to address the issue being exploited. If you make use of Adobe Flash Player, the information below may be useful to you.

Why Should This Threat Be Considered Important?
As noted by Trend Micro, defending against zero-day exploits requires a defense-in-depth strategy (defined), since Flash Player is widely used and such exploits are likely to be difficult to detect due to obfuscation (further information on obfuscation techniques), as was the case with exploits used by the Angler exploit kit.

The means of exploiting this vulnerability is currently via targeted email messages, a technique known as spear phishing (defined). These messages contain links to websites hosting exploits for this vulnerability. Further details of the subject lines and content of the emails, to enable you to better defend yourself, are provided in Trend Micro’s blog post.

As noted by Adobe in their security advisory, successful exploitation of this vulnerability can result in an attacker gaining remote control over a device with Flash Player installed.

How Can I Protect Myself From This Issue?

  • Exercise caution when reading emails that appear to contain interesting content from individuals that you may or may not know. Do not click on any links within those emails.
  • Refer to Trend Micro’s blog post for additional tips on how to recognize the emails which attempt to exploit this vulnerability.
  • Even if a defense-in-depth strategy (as mentioned above) is followed in your environment (e.g. corporate, small business etc.), I would recommend enabling Click-to-Play for your browser (supported by all major web browsers with the exception of Internet Explorer) so that Flash will ask permission before performing any action.

An update from Adobe is scheduled to be made available next week to address this vulnerability. Please install it as soon as possible upon its availability.

Thank you.

Wireshark Releases Security Update October 2015

Yesterday the Wireshark Foundation released an update for Wireshark (version 1.12.8) that includes fixes for general software bugs as well as a security issue (1 CVE, defined).

For Linux distributions, updates can be obtained using the operating system’s standard package manager (if the latest version is not installed automatically, you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.
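As an added example (not part of the original post or of the Wireshark project), the following POSIX shell script parses the first line of `wireshark --version` output and compares the installed version against the fixed release, 1.12.8, so you can check whether a Linux system still needs this update. The two sample version lines are constructed for illustration, and the script assumes GNU `sort -V` is available.

```shell
# Added example (not from the original post): decide whether an installed
# Wireshark is older than the 1.12.8 security release.

# Return 0 (true) when version $1 sorts before version $2 (dotted numeric
# versions, compared with GNU sort -V so that 1.12.10 > 1.12.8).
version_older_than() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Pull the dotted version out of a line such as "Wireshark 1.12.7 (...)".
# Prints nothing if the line does not look like Wireshark version output.
parse_wireshark_version() {
    printf '%s\n' "$1" | sed -n 's/^Wireshark \([0-9][0-9.]*\).*/\1/p'
}

# Print one of three verdicts for a version line; always returns 0 so it is
# safe to call under "set -e".
needs_update() {
    v=$(parse_wireshark_version "$1")
    if [ -z "$v" ]; then
        echo "unknown: could not parse version line"
    elif version_older_than "$v" "1.12.8"; then
        echo "update needed ($v < 1.12.8)"
    else
        echo "up to date ($v)"
    fi
}

# Constructed sample lines standing in for: wireshark --version | head -n1
SAMPLE_OLD="Wireshark 1.12.7 (constructed sample line)"
SAMPLE_NEW="Wireshark 1.12.8 (constructed sample line)"

needs_update "$SAMPLE_OLD"
needs_update "$SAMPLE_NEW"

# On a real system, replace the samples with the live output:
# needs_update "$(wireshark --version 2>/dev/null | head -n1)"
```

The version comparison deliberately uses `sort -V` rather than a plain string comparison, because a lexical compare would wrongly rank 1.12.10 below 1.12.8.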

If you use Wireshark, please install the appropriate update when you can. If Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.