Author Topic: A recently patched Flash Player exploit is being used in widespread attacks  (Read 668 times)

Offline jasonX

A recently patched Flash Player exploit is being used in widespread attacks

Lucian Constantin of IDG News Service reports on the latest exploit vulnerability. Read on below.

An exploit for the previously zero-day CVE-2016-4117 vulnerability is now in the Magnitude exploit kit

The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers at FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents.

When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a security alert from Adobe Systems and a patch two days later.

As it usually happens with zero-day exploits, it was only a matter of time until more cybercriminals got their hands on the CVE-2016-4117 exploit code and started using it in widespread attacks.

On Saturday, a malware researcher known as Kafeine spotted the exploit in Magnitude, one of the most popular exploit kits used by cybercriminals.

Exploit kits are Web-based attack tools that bundle multiple exploits for vulnerabilities in browser plug-ins like Flash Player, Java, Silverlight and Adobe Reader. They are used to silently install malware on users’ computers when they visit malicious or compromised websites.

Another way to direct users to exploit kits is through malicious ads posted on legitimate websites, a technique known as malvertising.

Source HERE

Nine Days Later, Flash Zero-Day CVE-2016-4117 Already Added to Exploit Kits

The following day, FireEye researcher Genwei Jiang, the man who discovered the Flash exploit used in the wild, revealed the technical details of CVE-2016-4117, the identifier assigned to this security bug.

Surprisingly, CVE-2016-4117 was not a Web-based exploit, but an attack delivered via Office files that contained a Flash object embedded in their content.

Crooks were using this exploit to infect users with malware when they opened the Office document and allowed the Flash object to run. CVE-2016-4117 was successful in infecting all users who had Flash Player version and earlier.

Source HERE