New attacks suggest leeway for patching Flash Player is shrinking

It took one week from Adobe's fix to mass exploitation for a recent Flash Player flaw

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

Researchers from both Malwarebytes and FireEye reported Thursday that drive-by download attacks using the Nuclear Exploit Kit target a vulnerability that was patched last week in Flash Player.

The flaw, which is tracked as CVE-2015-0336, was fixed by Adobe on March 12. It affects all Flash Player versions older than 17.0.0.134 on Windows and Mac, 11.2.202.451 on Linux and 13.0.0.277 ESR (extended support release).

The latest attacks are launched from hacked websites and attempt to install a Trojan program. The cybercriminal group behind the attacks is known as EITest and has distributed an online banking Trojan called Tinba in the past, according to researchers from Malwarebytes.

Exploit kits like Nuclear are attack platforms that incorporate exploits for multiple vulnerabilities in browsers and browser plug-ins like Flash Player, Adobe Reader, Java or Silverlight. They're rented out to multiple cybercriminal groups who then use them in mass attacks.

Earlier this year, two other exploits kits, called Angler and Hanjuan, exploited vulnerabilities in Flash Player that hadn't even been patched by Adobe at the time -- these are known as zero-day vulnerabilities. However, such incidents are rare.

For one, zero-day flaws are valuable commodities on the black market and are generally used in targeted attacks that are meant to fly under the radar for longer periods of time. It doesn't make sense, financially, to incorporate an expensive zero-day exploit into a mass attack tool, because it will be detected and rendered useless fairly quickly.

With few exceptions, exploit kits have historically targeted known and patched vulnerabilities, aiming to infect users who don't frequently update their software. In fact, most of the current exploit kits still incorporate exploits from as far back as 2010, just because they continue to be reliable and have a decent success rate.

However, the short one-week period it took attackers to develop a reliable exploit for CVE-2015-0336 and integrate it into Nuclear EK, could signal a dangerous trend.

Adobe has made significant efforts to keep the Flash Player installed base up to date by having the plug-in automatically updated under Google Chrome and Internet Explorer on Windows 8.x and by offering an automatic update option inside the program. Despite these actions, many users, especially companies, are still falling behind on updates.

In business environments software patches need to be tested first to ensure they don't break established workflows, so automatic updates are typically disabled. IT departments generally deploy updates according to predetermined schedules that are often more than one week apart.

"Such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits," security researchers from Malwarebytes said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementmalwareFireEyepatchesExploits / vulnerabilitiesMalwarebytes

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?