Critical Vulnerability in Adobe Flash Being Actively Exploited

Number: AL15-001
Date: 02 February 2015

Purpose

The purpose of this Alert is to bring attention to a recently published Critical Security Advisory for Adobe Flash Player.

Assessment

CCIRC is aware of several popular websites which have been redirecting users to websites serving a malicious .swf file that exploits a critical vulnerability in Adobe Flash. Malicious ad redirection, or malvertising, is serving an exploit for the vulnerability identified as CVE-2015-0313, which affects the most recent version of Adobe Flash. When users are redirected to the compromised site, they are infected automatically, with no further input or interaction required. Successful exploitation could potentially allow an attacker to take control of the affected system.

Affected Versions

Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
Adobe Flash Player 13.0.0.264 and earlier 13.x versions
Adobe Flash Player 11.2.202.440 and earlier versions for Linux
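
The following is an added example, not part of the original alert: a Python sketch that checks an inventory of installed Flash Player builds against the three ranges listed above. The host names, the inventory layout and the function names are hypothetical, and it assumes that a 13.x build is compared only against the 13.x line.

```python
import re

# Highest affected build per line, copied from the list above.
AFFECTED_MAX = {
    "desktop": (16, 0, 0, 296),   # Windows and Macintosh
    "13.x": (13, 0, 0, 264),      # 13.x line
    "linux": (11, 2, 202, 440),   # Linux
}

def parse_version(text):
    """Parse '16.0.0.296' or '16,0,0,296' into a 4-tuple of ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version_text):
    """Return True if the build falls in a range the alert lists."""
    version = parse_version(version_text)
    # Assumption: a 13.x build is judged only against the 13.x line.
    if version[0] == 13:
        return version <= AFFECTED_MAX["13.x"]
    platform = platform.lower()
    if platform in ("windows", "macintosh"):
        return version <= AFFECTED_MAX["desktop"]
    if platform == "linux":
        return version <= AFFECTED_MAX["linux"]
    raise ValueError(f"platform not covered by the alert: {platform!r}")

def triage(inventory):
    """Split (host, platform, version) rows into affected hosts and rows to review."""
    affected, review = [], []
    for host, platform, version_text in inventory:
        try:
            if is_affected(platform, version_text):
                affected.append(host)
        except ValueError as err:
            review.append((host, str(err)))  # unparseable rows need a manual look
    return affected, review

# Constructed sample inventory (hypothetical hosts, not from the alert).
SAMPLE = [
    ("ws-01", "Windows", "16.0.0.296"),
    ("ws-02", "Windows", "16.0.0.297"),
    ("mac-01", "Macintosh", "15,0,0,246"),
    ("esr-01", "Windows", "13.0.0.265"),
    ("lnx-01", "Linux", "11.2.202.440"),
    ("kiosk-01", "Windows", "unknown"),
]
```

Calling triage(SAMPLE) returns the hosts whose build is in a listed range and the rows that could not be parsed. A build above a listed maximum only means the alert does not list it.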

Suggested Action

Adobe is expected to release an updated version of Flash later this week. Organizations should prioritize implementation of this update when available.

References:

Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
TR11-001 Malware Infection Recovery Guide
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-001-eng.aspx

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that CCIRC's PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
