Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to “Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Adobe Flash Player 22.214.171.124 and earlier versions for Macintosh and Adobe Flash Player 126.96.36.1990 and earlier versions for Linux.”
Adobe has also acknowledged that an exploit for this zero-day exists, targeting Flash players on the Windows platform. If exploited, the zero-day could allow a remote attacker to take control of the system.
Users should install the update as soon as they can. They can check out the version of Flash installed through a page in the Adobe website. Updates for Flash via Internet Explorer and Google Chrome will be done automatically but you may require restarting the browser. For users who rely on browsers other than Internet Explorer, they will need to install the update twice (one for IE and another for the other browser). Microsoft has also released a security advisory related to this vulnerability. For downloading updates, we encourage users to rely on Adobe’s official site as “Adobe updates” are often used by bad guys to deliver malware and other threats to users.
We will continue to monitor this threat and provide new information as necessary.
Update as of May 2, 2014, 4:00 AM PDT
We have obtained samples of this attack in the wild. We detect these malicious files as SWF_EXPLOIT.RWF. We believe that this is being used in targeted attacks, as a specific version of Cisco MeetingPlace Express has to be installed for this attack to work.
In addition to detecting these malicious files, our browser exploit prevention technology (present in Titanium 7) has rules that proactively detect websites that contain exploits related to this vulnerability. Products with the ATSE (Advanced Threats Scan Engine), such as Deep Discovery, have heuristic rules which detect attacks using this vulnerability. These attacks are detected as HEUR_SWFJIT.B with ATSE pattern 9.755.1107 since April 22.
Update as of May 07, 2014, 10:48 P.M. PDT
Trend Micro Deep Security and OfficeScan Intrusion Defense Firewall (IDF) have released a new deep packet inspection (DPI) rule to protect against exploits leveraging this vulnerability:
- 1006031 – Adobe Flash Player Buffer Overflow Vulnerability (CVE-2014-0515)
- 1006044 – Restrict Adobe Flash File With Embedded Pixel Bender Objects