FireEye has recently provided details on a version of Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.
The information was provided by security researcher Kafeine at Proofpoint. In collaboration, FireEye analysed the sample and discovered that Magnitude Exploit Kit was exploiting a previously unknown vulnerability in Adobe Flash Player. Both parties worked with Adobe to facilitate a speedy solution as successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Given the rise in ransomware attacks in recent months, it is most important to note that unlike most exploit kits using known vulnerabilities, this zero-day vulnerability was being used to distribute ransomware at the time of analysis. A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.
This is not the first time that new exploit mitigation research rendered a zero-day exploit ineffective. Exploit mitigations are an invaluable tool for the industry, and their ongoing development within some of the most widely targeted applications – such as Internet Explorer/Edge and Flash Player – change the game. While version 21.0.0.197 of Flash Player is vulnerable to this exploit, execution fails because Adobe introduced new exploit mitigations in version 21.0.0.182 of Flash Player. This move by Adobe shows how valuable innovations into exploit mitigations can be. Before the authors of the exploit kit could devise a way around the new mitigations, Adobe patched the underlying vulnerability.
Despite regular security updates, attackers continue to target Flash Player, primarily because of its ubiquity and cross-platform reach. While the in-the-wild exploit achieves remote code execution on recent versions of Flash Player, it fails on the latest version. Users of Flash Player are advised to ensure that they update to the latest version.
Click below to share this article
