Zero-day vulnerabilities discovered: 7
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Software: Adobe Flash Player
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when handling .swf files. A remote attacker can trick the victim into visiting a website or opening a file containing a malicious Flash file and execute arbitrary code on the target system with privileges of the current user.
Note: this vulnerability was being actively exploited in the wild.
The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.
The vulnerability was exploited by Russian hacker group APT28.
Software: Adobe Flash Player
Links:
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
https://technet.microsoft.com/library/security/ms16-128
https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/
http://securityaffairs.co/wordpress/52739/hacking/cve-2016-7855-adobe.html
http://sensorstechforum.com/cve-2016-7855-flash-bug-exploited-limited-attacks/
http://www.securityweek.com/adobe-patches-flash-vulnerability-used-targeted-attacks
http://thehackernews.com/2016/10/google-windows-zero-day.html
http://opensources.info/cve-2016-7855-flaw-in-adobe-flash-player-exploited-in-targeted-attacks/
https://www.infosecurity-magazine.com/news/flash-windows-zerodays-are-being/
https://fossbytes.com/microsoft-windows-zero-day-vulnerability-google-told-people/
https://www.theregister.co.uk/2016/10/26/adobe_patches_fresh_flash_zeroday/
https://www.symantec.com/connect/blogs/flash-zero-day-being-exploited-targeted-attacks
http://www.pcworld.com/article/3135715/security/emergency-flash-player-patch-fixes-zero-day-critical...
http://thecharlestendellshow.com/microsoft-patches-cve-2016-7255-windows-zero-day-exploited-by-fancy...
https://arstechnica.com/security/2016/11/fancy-bear-goes-all-out-to-beat-adobe-msft-zero-day-patches...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Anton Ivanov of Kaspersky.
Used by the ScarCruft hacking team in Operation Daybreak and Operation Erebus, as suggested by Kaspersky Lab.
It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
https://securelist.com/blog/research/75082/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attac...
http://securityaffairs.co/wordpress/48400/hacking/cve-2016-4171-flash-0-day.html
http://www.securityweek.com/flash-zero-day-exploited-targeted-attacks
https://community.norton.com/en/blogs/security-covered-norton/critical-adobe-flash-player-vulnerabil...
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/
http://zerosecurity.org/2016/06/flash-zero-day-cve-2016-4171
http://neurogadget.net/2016/06/21/hackers-exploiting-critical-adobe-flash-player-vulnerability/33701
https://www.scmagazine.com/adobe-patches-critical-zero-day-vulnerability-in-flash-player/article/529...
http://activecypher.com/cve-2016-4171-another-flash-zero-day-exploited-in-targeted-attacks/
https://nakedsecurity.sophos.com/2016/06/15/critical-flash-vulnerability-is-being-exploited-in-the-w...
https://www.beyondtrust.com/blog/critical-zero-day-vulnerability-cve-2016-4171-basic-mitigation/
https://arstechnica.com/security/2016/06/critical-adobe-flash-bug-under-active-attack-currently-has-...
http://wccftech.com/flash-zero-day-vulnerability-exploited-in-the-wild/
http://www.digitaltrends.com/computing/adobe-exploit-scarcruft/
http://www.theinquirer.net/inquirer/news/2461612/new-threat-uses-flash-zero-day-to-attack-big-busine...
http://thecharlestendellshow.com/scarcruft-apt-group-exploited-flash-zero-day-in-high-profile-attack...
https://www.intego.com/mac-security-blog/adobe-flash-alert-0-day-exploit-for-vulnerability-in-the-wi...
http://www.bankinfosecurity.com/adobe-flings-flash-fix-for-fresh-apt-target-a-9207
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.
Software: Adobe Flash Player
Known/famous malware:
Exploit kit: Angler, Magnitude, Neutrino, RIG.
Links:
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://securityaffairs.co/wordpress/47197/hacking/cve-2016-4117-adobe-flash-zero.html
https://security.berkeley.edu/news/vulnerable-adobe-flash-player-allows-remote-code-execution-cve-20...
http://news.softpedia.com/news/nine-days-later-flash-zero-day-cve-2016-4117-already-added-to-exploit...
https://www.helpnetsecurity.com/2016/05/16/flash-0day-exploit-booby-trapped-office-file/
http://securityaffairs.co/wordpress/47379/cyber-crime/cve-2016-4117-exploit-chain.html
https://andreafortuna.org/cve-2016-4117-a-new-adobe-flash-0-day-in-the-wild-56e78d519bf5#.9ogjnryxb
http://www.pcworld.com/article/3073561/security/a-recently-patched-flash-player-exploit-is-being-use...
https://www.peerlyst.com/posts/cve-2016-4117-fireeye-revealed-the-exploit-chain-of-recent-attacks-he...
https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-8-adds-support-for-flash-v...
http://neurogadget.net/2016/05/29/adobe-flash-player-exploit-used-hackers-attack-users/31733
http://www.bankinfosecurity.com/zero-day-attacks-pummel-ie-flash-a-9093
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a type confusion error when handling .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).
According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.
Software: Adobe Flash Player
Known/famous malware:
Magnitude, Neutrino and Nuclear Pack Exploit Kit.
Cerber and DMA Locker ransomware.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zer...
https://www.proofpoint.com/us/threat-insight/post/killing-zero-day-in-the-egg
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019.html
https://www.bleepingcomputer.com/news/security/adobe-releases-security-advisory-on-critical-vulnerab...
http://www.zdnet.com/article/cyberattackers-botch-integration-of-adobe-flash-zero-day-vulnerability-...
http://www.eweek.com/security/adobe-patches-zero-day-flaw-used-by-exploit-kit.html
https://www.grahamcluley.com/adobe-flash-responsible-six-top-10-bugs-used-exploit-kits-2016/
http://hub-apac.insight.com/h/i/236881036-zero-day-attack-discovered-in-magnitude-exploit-kit-target...
https://trushieldinc.com/adobe-flash-player-zero-day-exploit/
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/04/botched-flash-0day-ge...
http://www.symantec.com/connect/blogs/new-flash-zero-day-exploited-attackers-wild
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2016-1019-zero-day-integrated-in-expl...
https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/
http://www.ecommercetimes.com/story/83348.html
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The vulnerability was reported by Anton Ivanov from Kaspersky Lab.
The vulnerability was used by the ScarCruft group in the Operation Daybreak campaign.
Software: Adobe Flash Player
Known/famous malware:
Used in Angler Exploit Kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-recent-flash-zero-day...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-issues-emergency-patch-flash-zero-d...
http://blog.trendmicro.com/trendlabs-security-intelligence/tag/cve-2016-1010/
https://security.berkeley.edu/news/adobe-flash-player-multiple-zero-day-vulnerabilities-cve-2016-101...
https://technet.microsoft.com/en-us/library/security/MS16-036
http://securityaffairs.co/wordpress/45226/breaking-news/adobe-emergency-out-of-band-update.html
https://news.ycombinator.com/item?id=11262403
https://www.slashgear.com/adobe-flash-player-update-fixes-critical-vulnerabilities-11431218/
https://securify.co.in/adobe-flash-player/zero-day-adobe-flash-player-vulnerability-cve-2016-1010-2/
https://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-actively-exploited-code-ex...
https://nakedsecurity.sophos.com/2016/03/11/flash-zero-day-prompts-emergency-update-from-adobe/
https://www.scmagazine.com/adobe-patches-active-flash-player-flaw/article/528925/
https://hotforsecurity.bitdefender.com/blog/update-flash-now-targeted-attacks-exploiting-security-ho...
http://www.securityweek.com/adobe-patches-flash-zero-day-under-attack
http://www.spamfighter.com/News-20163-Security-Bug-Used-in-Live-Attacks-is-Fixed-by-Releasing-Adobe-...
http://www.pcworld.com/article/3043055/security/emergency-flash-player-patch-fixes-actively-exploite...
http://wccftech.com/adobe-patches-yet-another-critical-flash-exploit/
https://www.infosecurity-magazine.com/news/adobe-issues-patch-for-23-flash/
http://www.eweek.com/blogs/security-watch/adobe-updates-flash-to-patch-zero-day-flaw.html
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of the vulnerable system.
According to a Kaspersky Lab report, this vulnerability was actively exploited in the wild by the BlackOasis APT actor in June 2015.
Software: Adobe Flash Player