Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to “Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.”

    Adobe has also acknowledged that an exploit for this zero-day exists, targeting Flash players on the Windows platform. If exploited, the zero-day could allow a remote attacker to take control of the system.

    Users should install the update as soon as they can. They can check out the version of Flash installed through a page in the Adobe website. Updates for Flash via Internet Explorer and Google Chrome will be done automatically but you may require restarting the browser. For users who rely on browsers other than Internet Explorer, they will need to install the update twice (one for IE and another for the other browser). Microsoft has also released a security advisory related to this vulnerability. For downloading updates, we encourage users to rely on Adobe’s official site as “Adobe updates” are often used by bad guys to deliver malware and other threats to users.

    We will continue to monitor this threat and provide new information as necessary.

    Update as of May 2, 2014, 4:00 AM PDT

    We have obtained samples of this attack in the wild. We detect these malicious files as SWF_EXPLOIT.RWF. We believe that this is being used in targeted attacks, as a specific version of Cisco MeetingPlace Express has to be installed for this attack to work.

    In addition to detecting these malicious files, our browser exploit prevention technology (present in Titanium 7) has rules that proactively detect websites that contain exploits related to this vulnerability. Products with the ATSE (Advanced Threats Scan Engine), such as Deep Discovery,  have heuristic rules which detect attacks using this vulnerability. These attacks are detected as HEUR_SWFJIT.B with ATSE pattern 9.755.1107 since April 22.

    Update as of May 07, 2014, 10:48 P.M. PDT

    Trend Micro Deep Security and OfficeScan Intrusion Defense Firewall (IDF) have released a new deep packet inspection (DPI) rule to protect against exploits leveraging this vulnerability:

    • 1006031 – Adobe Flash Player Buffer Overflow Vulnerability (CVE-2014-0515)
    • 1006044 – Restrict Adobe Flash File With Embedded Pixel Bender Objects




    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • Lou

      Does IDF protect against CVE-2014-0515 ?



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice