On June 23, 2015, Adobe released an out-of-band security patch for a zero-day vulnerability in the widely used Adobe Flash Player. FireEye attributes the attack to APT3, a sophisticated China-based hacking group. The attack was delivered by phishing email, and the lure looked benign unless you knew what to look for, which most IT help desk workers did not. If you have not already done so, download and install the patch immediately and warn your users about the phishing email used to deliver the exploit so that they are not at risk.
How the Hackers Exploited the Adobe Flash Zero Day Flaw
According to TechTarget, FireEye's team in Singapore was the first to discover the threat. FireEye has been tracking the Chinese hacking group APT3 for some time. TechTarget describes the lure as a generic-looking phishing email that arrives looking much like ordinary spam; this one offered special deals on Apple computers. The exploit, according to TechTarget, "uses common vector corruption techniques to bypass address space layout randomization security, and return-oriented programming to bypass data execution prevention." In plain terms: the exploit corrupts the length field of an ActionScript Vector object so that it can read and write memory outside the object's bounds, which leaks the addresses ASLR is supposed to hide; it then chains existing code fragments (ROP) so that it never has to execute instructions from memory that DEP marks non-executable.
Adobe Releases an Out-of-Band Security Patch
As soon as the threat was identified, Adobe released the patch. Per Adobe's bulletin, the vulnerability is present in Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh, Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux.
You can get the patch and full installation instructions from the Adobe Security Products webpage; the bulletin for this fix is APSB15-14. For more information, IT service desk members can research the vulnerability under its identifier, CVE-2015-3113.
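The first thing a service desk needs is a quick way to tell which machines are still on an affected build. The script below is an added example for this article, not Adobe's or FireEye's code: it encodes the affected-version ceilings from Adobe bulletin APSB15-14 (the fixed releases are 18.0.0.194, 13.0.0.296 and 11.2.202.468) and runs them over an inventory. The hostnames, platforms and versions in `SAMPLE_INVENTORY` are constructed for illustration.

```python
"""Flag Adobe Flash Player installs still exposed to CVE-2015-3113.

Added example for this article, not Adobe's or FireEye's code. Version
ceilings are taken from Adobe bulletin APSB15-14; the inventory is made up.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]

# Last vulnerable build on each product line, per APSB15-14.  Adobe's
# "and earlier" wording means every older build on that platform is affected,
# so a 17.x or 16.x install on Windows/Mac is still vulnerable; only the 13.x
# Extended Support Release branch has its own, lower ceiling.
CEILINGS: Dict[str, Dict[str, Version]] = {
    "windows": {"default": (18, 0, 0, 161), "esr13": (13, 0, 0, 292)},
    "macos":   {"default": (18, 0, 0, 161), "esr13": (13, 0, 0, 292)},
    "linux":   {"default": (11, 2, 202, 466)},
}


def parse_version(text: str) -> Version:
    """Turn '18.0.0.161', the comma form '18,0,0,161' Flash reports in
    some contexts, or a 'WIN 18,0,0,161' banner into a comparable tuple.
    Raises ValueError on anything that is not four integer fields."""
    token = text.strip().split()[-1].replace(",", ".")
    parts = token.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Flash version string: {text!r}")
    major, minor, rel, build = (int(p) for p in parts)
    return (major, minor, rel, build)


def is_vulnerable(platform: str, version: str) -> bool:
    """True if this build is at or below the APSB15-14 ceiling for its line."""
    v = parse_version(version)
    table = CEILINGS[platform.lower()]          # KeyError: unknown platform
    if v[0] == 13 and "esr13" in table:         # ESR branch is judged separately
        return v <= table["esr13"]
    return v <= table["default"]


# Constructed sample inventory: hostname,platform,version (dot form only).
SAMPLE_INVENTORY = """\
# host,platform,flash_version
hd-ws-01,windows,18.0.0.161
hd-ws-02,windows,18.0.0.194
fin-mac-07,macos,13.0.0.292
eng-mac-03,macos,13.0.0.296
build-lx-01,linux,11.2.202.466
kiosk-09,windows,17.0.0.188
"""


def hosts_needing_patch(inventory_csv: str) -> List[str]:
    """Return the hostnames whose Flash build is still affected."""
    needing: List[str] = []
    for line in inventory_csv.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, platform, version = (f.strip() for f in line.split(","))
        if is_vulnerable(platform, version):
            needing.append(host)
    return needing


if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"PATCH NEEDED: {host}")
```

Note that a 17.x build on Windows is reported as vulnerable: Adobe's bulletins describe affected versions as "X and earlier", and older main-line builds were superseded by 18.x, so they must be updated too rather than treated as out of scope.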
The Hackers Involved in the Adobe Flash Zero Day Exploit
APT3, the Chinese hacking group blamed for this zero-day threat, has a history of launching zero-day exploits against browser vulnerabilities. Most recently, the FireEye Threat Research team has identified the group as having targeted a number of industries, including aerospace and defense, construction and engineering, high tech, telecommunications, and transportation.
The recent Adobe Flash Player campaign appears to have been deliberately aimed at organizations within these specific industries. The group is known for exploiting a system, quickly dumping credentials, and immediately moving laterally to other hosts, where it installs custom backdoors.
In the Adobe zero-day attack, the vulnerability allowed the attackers to execute code on and take control of the compromised systems, consistent with their usual modus operandi.