Yet Another Zero-Day Adobe Flash Exploit Is Running Loose Putting Users In Danger
Adobe recently published security advisory APSA16-03, which details a vulnerability in Adobe Flash Player version 126.96.36.199 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. This comes after a patch for a zero-day exploit was released in early April.
Adobe believes the attackers are a group called “ScarCruft”. ScarCruft is a relatively recent APT group that has launched attacks in countries such as Russia, Nepal, South Korea, China, India, Kuwait, and Romania. The group has recently taken advantage of two Adobe Flash exploits and one Microsoft Internet Explorer exploit.
ScarCruft currently has two operations, called Operation Daybreak and Operation Erebus. Operation Daybreak was launched in March 2016 and uses a zero-day Adobe Flash Player exploit; it focuses on high-profile victims. Operation Erebus employs an older exploit for CVE-2016-4117. Adobe also believes that the group launched the zero-day exploit, CVE-2016-0147, which was patched in April.
Adobe has labeled this threat as “critical”. Critical threats are vulnerabilities, “which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
The Adobe Priority Rating System is a guideline to help customers in managed environments prioritize Adobe security updates. When the patch is released, it will be listed as “Priority 1”. Priority 1 is defined as follows: “This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible.”
The patch for the vulnerability should be available June 16th, and Adobe confirms that Microsoft EMET is effective at mitigating the attacks. Adobe also stated that Microsoft's other products detect and block the exploit, as well as the malware used by ScarCruft. Users can get the latest information from the Adobe Product Security Incident Response Team Blog. Kaspersky customers can also contact the Kaspersky Intelligence Service.