Four Adobe Flash 0-days In Three Weeks - Patches Now Available

Posted 07.14.15, 11:03 AM by Zachariah Boren (Administrator)

07.13.15 10:45 PM

Following on from the revelation of a 0-day in Adobe Flash in June 2015 (CVE-2015-3113, since patched), 3 further 0-days have been discovered in the last 3 weeks. The 3 have references CVE-2015-3119, CVE-2015-5122, and CVE-2015-5123.



The knowledge of the 0-day Proof of Concept code arose from analysis of the data breach from the Italian Hacking Team company.



The journey from discovery to exploit kit



Within hours of the exploit code being made public it was observed to have been incorporated into exploit kits including Angler, Neutrino, and NuclearPack.



Telemetry from our ThreatSeeker Intelligence Cloud shows a spike in the number of NuclearPack security incidents that we identified and protected against over the last few days:









Is your browser trying to tell you something?



Firefox has been configured to block the Flash plugin (aka Shockwave Flash) by default. You can see this through a warning presented underneath your address bar when you browse to a website that uses Flash, or there will be an overlay to the Flash artifact that would have been displayed:







Further you can access the information via Menu > Add-ons > Plugins. The example below tells us that the version of Flash Player in our environment is known to be vulnerable:









How to update your Flash Player?



You can check which version of Flash Player you have running here: http://www.adobe.com/software/flash/about/



For example, the Adobe website is able to tell us that we are running an older version of Adobe Flash Player in our virtual environment:





The latest version of Flash (as of 14 July 2015 2:30pm BST) is 18.0.0.209, 11.2.202.481, or 11.2.202.223 depending on your OS and browser combination.



You can download the latest version of Flash here: https://get.adobe.com/flashplayer/

An alternative mitigation strategy would be to consider if disabling Flash Player is appropriate in your environment.



You can monitor the Adobe Product Security Incident Response Team (PSIRT) Blog at https://blogs.adobe.com/psirt/ for details of any upcoming patches should any further vulnerabilities be identified.



Protection Offered to Raytheon|Websense Customers



CVE-2015-5119 – A Case Study



These vulnerabilities, if and when incorporated into existing exploit kits, will still be blocked by Raytheon|Websense solutions because we have a variety of detection techniques across the 7 Stages of Advanced Threats via real-time analytics within ACE, our Advanced Classification Engine. This includes:





Stage 3 (Redirect) - the detection of known malicious sites

Stage 6 (Call Home) - detection of command and control channels

Stage 7 (Data Theft) – to reduce the occurrence of data exfiltration



If exploitation of these vulnerabilities is incorporated into wholly new exploit kits then we are capable of detecting malicious behaviour through our heuristics, behavioural monitoring, and analysis techniques.








We will update coverage as necessary to keep our customers protected.



What do we know about these vulnerabilities?



Here is a quick summary of the 4 vulnerabilities and their related patches.



CVE identifier? CVE-2015-3113

Rating? Critical

Impact? Remote code execution and DDOS

Affected version? 18.0.0.161

Patched? Yes, in version 18.0.0.194



CVE identifier? CVE-2015-5119

Rating? Critical

Impact? Remote code execution and DDOS

Affected version? 18.0.0.194

Patched? Yes, in version 18.0.0.203



CVE identifier? CVE-2015-5122

Rating? Critical

Affected version? 18.0.0.204 and others.

Patched? Yes, in version 18.0.0.209 released today, see https://helpx.adobe.com/security/pro...apsb15-18.html



CVE identifier? CVE-2015-5123

Rating? Critical

Affected version? 18.0.0.204 and others.

Patched? Yes, in version 18.0.0.209 released today, see https://helpx.adobe.com/security/pro...apsb15-18.html



Contributors: Andy Settle






http://community.websense.com/blogs/...available.aspx
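
The version summary above can be turned into an inventory check. The following is an added example, not part of the original post and not Websense or Adobe code: it compares reported Flash Player versions numerically against the "Patched?" builds listed in the post for the 18.x line and reports which of the four CVEs each host is still exposed to. The host names, the status labels, and the accepted version string formats (dotted, comma-separated, or prefixed with a platform tag) are assumptions made for the example.

```python
import re

# "Patched?" builds for the 18.x line, copied from the summary in the post.
FIXED_IN = {
    "CVE-2015-3113": (18, 0, 0, 194),
    "CVE-2015-5119": (18, 0, 0, 203),
    "CVE-2015-5122": (18, 0, 0, 209),
    "CVE-2015-5123": (18, 0, 0, 209),
}
# Builds the post names as latest (14 July 2015), depending on OS and browser.
LATEST = {(18, 0, 0, 209), (11, 2, 202, 481), (11, 2, 202, 223)}

def parse_version(text):
    """Accept '18.0.0.194', '18,0,0,194' or 'WIN 18,0,0,194' (assumed formats)."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def assess(version_text):
    """Return (status, unpatched CVEs) for one reported Flash Player version."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", [])
    if v[0] == 18:
        # Tuples compare numerically, so 18.0.0.1000 sorts after 18.0.0.209.
        missing = sorted(c for c, fixed in FIXED_IN.items() if v < fixed)
        return ("vulnerable" if missing else "patched", missing)
    # The post gives no per-CVE fix builds for other release lines, so only
    # report whether the build is one of those it names as latest.
    return ("latest-per-post" if v in LATEST else "not-latest", [])

def audit(inventory):
    """Map host -> (status, unpatched CVEs) for a {host: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE = {
    "desk-01": "WIN 18,0,0,194",
    "desk-02": "18.0.0.209",
    "kiosk-07": "18.0.0.161",
    "linux-03": "11.2.202.468",
    "lab-09": "not installed",
}

if __name__ == "__main__":
    for host, (status, cves) in sorted(audit(SAMPLE).items()):
        print(f"{host:9} {status:16} {', '.join(cves) or '-'}")
```

Hosts reported as `not-latest` or `unparseable` need a manual check against the Adobe bulletin for their platform.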