Adobe releases emergency Flash zero-day patch

Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.

A zero-day flaw in Adobe Flash Player has spurred the release of an out-of-band security bulletin to patch the vulnerability.

According to the Adobe bulletin, the update addresses a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe noted the vulnerability is being actively exploited in the wild via "limited, targeted attacks," but did not give details on the attacks.

FireEye Threat Research has posted on its blog that a FireEye team in Singapore discovered the vulnerability being exploited by a China-based threat group as part of a phishing campaign. FireEye tracks the group under the name APT3.

"This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based, zero-day exploits," FireEye wrote. "After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors."

According to FireEye, the vulnerability arises from the way Flash Player parses Flash Video files. The phishing emails are fairly generic and look like spam messages offering Apple computer discounts. The exploit uses common vector corruption techniques to bypass address space layout randomization (ASLR), and return-oriented programming to bypass data execution prevention (DEP).

Craig Young, security researcher for Tripwire Inc., was impressed with FireEye's post and the use of return-oriented programming (ROP) in these attacks.

"FireEye's release on Operation Clandestine Wolf detailing how this flaw was being exploited gives some interesting insight into the world of advanced threats," Young said. "Although techniques for bypassing ROP detection are presented now at just about every major security conference, this is one of the first times I am seeing evidence that real world threat actors are deploying tactics to evade ROP detection."

Systems running Internet Explorer on Windows 7 and below, as well as Firefox on Windows XP, are known targets, and Adobe recommends updating immediately.
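A way to turn the paragraph above into a patch-priority list, as an added example that is not from the article, Adobe or FireEye: given an asset inventory, flag every host whose Flash Player build is older than the patched baseline, and rank highest those matching the browser/OS combinations the article names as known targets. The inventory format, the `Asset` record and the `DEMO_PATCHED` version are assumptions constructed for the example; the article does not state the fixed build number, so substitute the version from Adobe's bulletin.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Asset:
    """One host from a (hypothetical) asset inventory export."""
    hostname: str
    os: str             # e.g. "Windows XP", "Windows 7", "Windows 8.1"
    browser: str        # e.g. "Internet Explorer", "Firefox", "Chrome"
    flash_version: str  # dotted build string; "" if Flash Player is not installed


# Windows client releases, oldest to newest, so "Windows 7 and below" can be
# expressed as a position comparison rather than a hard-coded list.
WINDOWS_ORDER = ["Windows XP", "Windows Vista", "Windows 7", "Windows 8", "Windows 8.1"]

# Constructed baseline for the demo only; NOT the real fixed build.
# Replace with the patched Flash Player version given in Adobe's bulletin.
DEMO_PATCHED = "18.0.0.200"

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY: List[Asset] = [
    Asset("ws01", "Windows 7",   "Internet Explorer", "18.0.0.160"),
    Asset("ws02", "Windows XP",  "Firefox",           "18.0.0.160"),
    Asset("ws03", "Windows 8.1", "Internet Explorer", "18.0.0.160"),
    Asset("ws04", "Windows 7",   "Internet Explorer", "18.0.0.200"),  # already at baseline
    Asset("ws05", "Windows 7",   "Chrome",            ""),            # no standalone Flash
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "18.0.0.160" into (18, 0, 0, 160) so builds compare numerically,
    not as strings (where "9.0" would sort after "18.0")."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def is_known_target(asset: Asset) -> bool:
    """Known-target combinations named in the article:
    Internet Explorer on Windows 7 and below, Firefox on Windows XP."""
    if asset.os not in WINDOWS_ORDER:
        return False
    pos = WINDOWS_ORDER.index(asset.os)
    if asset.browser == "Internet Explorer" and pos <= WINDOWS_ORDER.index("Windows 7"):
        return True
    return asset.browser == "Firefox" and asset.os == "Windows XP"


def needs_update(asset: Asset, patched_version: str) -> bool:
    """True when Flash Player is present and older than the patched baseline."""
    if not asset.flash_version:
        return False
    return parse_version(asset.flash_version) < parse_version(patched_version)


def triage(assets: List[Asset], patched_version: str) -> Dict[str, str]:
    """Map hostname -> priority for hosts still needing the update.
    'critical': unpatched and matches a known-target combination.
    'high':     unpatched on any other browser/OS."""
    result: Dict[str, str] = {}
    for a in assets:
        if needs_update(a, patched_version):
            result[a.hostname] = "critical" if is_known_target(a) else "high"
    return result


if __name__ == "__main__":
    for host, prio in sorted(triage(SAMPLE_INVENTORY, DEMO_PATCHED).items()):
        print(f"{host}: {prio}")
```

Hosts flagged `high` still need the update; the tiering only orders the work so that the configurations FireEye saw targeted are patched first.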
