Active Exploitation of Vulnerability in Adobe Flash

Number: AL15-013
Date:
14 October 2015

Purpose

The purpose of this alert is to bring attention to the active exploitation of a recently disclosed vulnerability in Adobe Flash.

Assessment

CCIRC is aware of attacks exploiting a previously unknown vulnerability in fully patched versions of Adobe Flash.  As a result, CCIRC would like to raise awareness concerning this potentially serious vulnerability.  Malicious actors, notably “Pawn Storm” have been attempting to exploit this vulnerability in efforts to gain unauthorized access and install malware on end users computers as part of a broader phishing campaign.
                                                                                                                                
The affected versions of Adobe Flash include: versions 19.0.0.185 and 19.0.0.207 and earlier.

Suggested action

Due to the elevated risk that this vulnerability presents, CCIRC recommends that system administrators consider disabling Adobe Flash Adobe Flash until a permanent fix becomes available. As a long term strategy, browsers should be deployed that disable Adobe Flash by default, with an optional "click-to-play" mechanism to allow only Flash content that is explicitly approved by the user.

References:
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
http://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: