Adobe has rolled out an emergency fix to address a critical vulnerability (CVE-2015-3113) in its Flash software. Users are advised to update as soon as possible, as CVE-2015-3113 is being actively exploited in the wild in limited, targeted attacks. The firm notes that systems running Internet Explorer on Windows 7 and below, as well as Firefox on Windows XP, are known targets.
Security Affairs has some more information about the hole. It was discovered by security firm FireEye, which found that the hacking crew APT3 was using it to target a number of industries, including the telecommunications, transportation, and aerospace and defense sectors:
The attack vector is once again email. According to FireEye, the attackers send messages containing links to compromised web servers that were used to serve either harmless content or a malicious Adobe Flash Player exploit for CVE-2015-3113.
“In June, FireEye’s FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). The attackers’ emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113.” states FireEye in the blog post.
“Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF file and an FLV file, detailed below. This ultimately resulted in a custom backdoor known as SHOTPUT, detected by FireEye as Backdoor.APT.CookieCutter, being delivered to the victim’s system.”