Adobe has just released a patch for the infamous Flash Player to fix a vulnerability actively exploited in the wild by some exploit kits. This vulnerability was actually a zero-day (CVE-2016-1019), but exploit kit authors botched its integration, so the exploit only affected older versions of Flash.
Another saving grace was the fact that a “mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later”.
Nonetheless, since the exploit could be tweaked to work on fully patched versions as well, Adobe went on to fix the bug.
The Magnitude EK, which has been very active as of late, was in fact using CVE-2016-1019 for some time. As we reported earlier this month, several (still) active malvertising campaigns are pushing Magnitude with a little tweak, including a fingerprinting gate right before the landing page.
Magnitude EK: CVE-2016-1019 with Flash 20.0.0.306:
The payload from this attack is the Cerber ransomware:
CVE-2016-1019 is blocked by Malwarebytes Anti-Exploit:
Drive-by download attacks that involve compromised sites or malvertising continue to leverage the Flash Player as the preferred piece of software for exploitation.
As an end user, you need to evaluate your situation and decide whether you should keep it installed or not. If you do, it is critical that you run an exploit mitigation tool in parallel due to the likelihood of zero-day attacks. In other words, the traditional advice to keep your software up to date is not sufficient when it comes to high-risk plugins such as Flash.
Malwarebytes customers running Malwarebytes Anti-Exploit were already protected against this latest zero-day.
Hit the road, Flash, and don’t you come back no more!
Cannot find Flash Player on my computer, but I just upgraded to Win 10 – does that make a difference??
I have been running both Malwarebytes and Exploit together for over a year now. It backs up my MSE, which there is nothing wrong with. It's a good antivirus and the people from Malwarebytes have told me it is a very good combination.
I have just received the email below. Is it legitimate or spam?
I installed Adobe Flash player 21 ActiveX yesterday because a video said it needed it to play.
It shows up in “programmes and feature” under “control panel” but not in my list of “all programmes”.
Dear Angus,
Adobe issued an emergency update to its Adobe Flash Player software today after researchers discovered a vulnerability that was being exploited to deliver ransomware. Flash has over one billion users, so odds are you are affected by this update.
But Malwarebytes proactively protected its millions of customers from this attack, blocking the ransomware before it could encrypt files.
As a precaution, we suggest you update your Adobe Flash Player (Shockwave Flash Plugin). In addition, we urge you to consider installing both Malwarebytes Anti-Exploit Premium and Malwarebytes Anti-Malware Premium for the layered protection that stops attacks like this from infecting your computer. Malwarebytes Anti-Exploit Premium blocks the exploit attempt, while Malwarebytes Anti-Malware Premium stops the ransomware execution (if Malwarebytes Anti-Exploit Premium is not installed).
We’d hate to see your computer compromised. Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.
Sincerely,
The Malwarebytes Team
P.S. Learn more about this threat here.