Adobe Releases Out–Of-Band Patch for a Fault in Flash Player

Securityweek.com reported on 23rd June, 2015 stating that Adobe systems recently released an emergency fix to address security flaws in its Flash Player which is being abused in large phishing operations.

Researchers of security firm FireEye discovered the bug, CVE-2015-3113, and have connected it to attacks by the hacking crew APT3 which have targeted many industries including telecommunications, aerospace, transportation and defense sectors.

Adobe in an official statement said that is knows that CVE-2015-3113 is being exploited in the wild through limited targeted attacks and systems having Internet Explorer on Windows 7 and below along with Firefox on Windows XP are known victims.

SCMagazine.com published news on 23rd June, 2015 quoting Mike Oppenheimer, Senior Threat Intelligence Analyst of FireEye, as saying "The targeted organizations are mostly in UK and US but it is believed that that their target is across the world."

Oppenheimer added that APT3 is one of the more advanced groups which quickly dumps credentials after successfully exploiting a target host and then moves laterally to additional hosts installing custom backdoors which was the use of the SHOTPUT backdoor in this operation.

The operation involved very common phishing emails sent by the group asking recipients to click on a link to get a good deal on a repaired iMac. When the recipient clicks on the link, he/she is redirected to a hijacked server hosting profiled JavaScript.

A tainted Adobe Flash Player SWF file and FLV file was downloaded after being profiled which leads to ultimate installation of the custom backdoor nicknamed SHOTPUT and FireEye detected it as Backdoor.APT.CookieCutter.

Threatpost.com published news on 23rd June, 2015 quoting Oppenheim as saying "APT which has been linked to the victim's organization based at China along with the kind of data stolen from that organization, has been caught quite early in this campaign but victims who were exploited before the availability of just released patch remain at risk."

Oppenheim said that one of these groups is using a zero day at any time and forming such a wide network which is very important especially because this activity has started during early June.

» SPAMfighter News - 6/30/2015