New attacks suggest leeway for patching Flash Player is shrinking

It took one week from Adobe's fix to mass exploitation for a recent Flash Player flaw

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

Researchers from both Malwarebytes and FireEye reported Thursday that drive-by download attacks using the Nuclear Exploit Kit target a vulnerability that was patched last week in Flash Player.

The flaw, which is tracked as CVE-2015-0336, was fixed by Adobe on March 12. It affects all Flash Player versions older than 17.0.0.134 on Windows and Mac, 11.2.202.451 on Linux and 13.0.0.277 ESR (extended support release).
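The version cut-offs above can be applied to an asset inventory to find hosts that still need the update. The following is an added example, not code from Adobe or the researchers quoted in the article; the inventory records, host names and channel labels are constructed, and it assumes the inventory records the correct release channel for each install.

```python
# Added example: the thresholds are the fixed versions quoted in the article;
# the inventory records and field names are constructed for illustration.
FIXED = {
    "windows": "17.0.0.134",
    "mac": "17.0.0.134",
    "linux": "11.2.202.451",
    "esr": "13.0.0.277",
}

def parse_version(text):
    """Turn '17.0.0.134' (comma separators also accepted) into a tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(channel, installed):
    """True when installed is older than the fixed version for that channel."""
    return parse_version(installed) < parse_version(FIXED[channel])

def triage(inventory):
    """Split (host, channel, version) records into vulnerable, patched and unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, channel, version in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(channel.lower(), version) else "patched"
        except (KeyError, ValueError):
            bucket = "unknown"  # unrecognised channel or unparsable version: review by hand
        result[bucket].append(host)
    return result

SAMPLE_INVENTORY = [  # constructed records
    ("ws-01", "windows", "16.0.0.305"),
    ("ws-02", "windows", "17.0.0.134"),
    ("ws-03", "windows", "9.0.280.0"),  # a string comparison would rank this above 17.x
    ("kiosk-1", "esr", "13.0.0.269"),
    ("build-1", "linux", "11.2.202.451"),
    ("mac-07", "mac", "17,0,0,134"),
    ("lab-2", "solaris", "11.2.202.223"),
    ("lab-3", "windows", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts in the "unknown" bucket should be treated as unpatched until someone confirms the installed version.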

The latest attacks are launched from hacked websites and attempt to install a Trojan program. The cybercriminal group behind the attacks is known as EITest and has distributed an online banking Trojan called Tinba in the past, according to researchers from Malwarebytes.

Exploit kits like Nuclear are attack platforms that incorporate exploits for multiple vulnerabilities in browsers and browser plug-ins like Flash Player, Adobe Reader, Java or Silverlight. They're rented out to multiple cybercriminal groups who then use them in mass attacks.

Earlier this year, two other exploit kits, called Angler and Hanjuan, exploited vulnerabilities in Flash Player that hadn't even been patched by Adobe at the time -- these are known as zero-day vulnerabilities. However, such incidents are rare.

For one, zero-day flaws are valuable commodities on the black market and are generally used in targeted attacks that are meant to fly under the radar for longer periods of time. It doesn't make sense, financially, to incorporate an expensive zero-day exploit into a mass attack tool, because it will be detected and rendered useless fairly quickly.

With few exceptions, exploit kits have historically targeted known and patched vulnerabilities, aiming to infect users who don't frequently update their software. In fact, most of the current exploit kits still incorporate exploits from as far back as 2010, just because they continue to be reliable and have a decent success rate.

However, the short one-week period it took attackers to develop a reliable exploit for CVE-2015-0336 and integrate it into Nuclear EK could signal a dangerous trend.

Adobe has made significant efforts to keep the Flash Player installed base up to date by having the plug-in automatically updated under Google Chrome and Internet Explorer on Windows 8.x and by offering an automatic update option inside the program. Despite these actions, many users, especially companies, are still falling behind on updates.

In business environments, software patches need to be tested first to ensure they don't break established workflows, so automatic updates are typically disabled. IT departments generally deploy updates according to predetermined schedules that are often more than one week apart.

"Such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits," security researchers from Malwarebytes said.

Tags: patches, security, FireEye, patch management, Malwarebytes, Exploits / vulnerabilities, malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service