Adobe releases emergency Flash zero-day patch

Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.

A zero-day flaw in Adobe Flash Player has spurred the release of an out-of-band security bulletin to patch the vulnerability.

According to the Adobe bulletin, the update addresses a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe noted the vulnerability is being actively exploited in the wild via "limited, targeted attacks," but did not give details on the attacks.

FireEye Threat Research has posted in its blog that a FireEye team in Singapore discovered the vulnerability being exploited by a China-based threat group as part of a phishing campaign. The group is being tracked by FireEye under the name APT3.

"This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based, zero-day exploits," FireEye wrote. "After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors."

According to FireEye, the vulnerability arises from the way Flash Player parses Flash Video files. The phishing emails are fairly generic and look like spam messages offering Apple computer discounts. The exploit uses common vector corruption techniques to bypass address space layout randomization (ASLR), and return-oriented programming to bypass data execution prevention (DEP).

Craig Young, security researcher for Tripwire Inc., was impressed with FireEye's post and the use of return-oriented programming (ROP) in these attacks.

"FireEye's release on Operation Clandestine Wolf detailing how this flaw was being exploited gives some interesting insight into the world of advanced threats," Young said. "Although techniques for bypassing ROP detection are presented now at just about every major security conference, this is one of the first times I am seeing evidence that real world threat actors are deploying tactics to evade ROP detection."

Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets, and Adobe recommends updating immediately.



Join the conversation



This is certainly good news so why am I not impressed...? Could have something to do with endless reports of vulnerabilities and frequent requests to shutter Flash and just move on. Firefox won't even let me install it any more, no matter the version. I'll miss Flash, briefly, but I won't miss all the security doors it leaves wide open.
I agree, but there's still an awful lot of functionality that seems to rely on Flash that hasn't yet been replaced by other alternatives.