Adobe Patches Critical Flash Flaw Exploited by APT3

Written by

Adobe users have been urged to patch a newly-released critical vulnerability in Flash Player, after researchers warned it is being exploited in the wild by sophisticated Chinese hacking group APT3.

Adobe released on Tuesday an out-of-band update to CVE-2015-3113, a vulnerability in the way Flash Player parses Flash video files.

FireEye claimed in a blog post timed to coincide with the Adobe patch that it spotted new emails sent by APT3 as part of a phishing campaign earlier this month.

“The attackers’ emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113,” it warned.

Over the past few weeks the group has launched a large scale phishing campaign aimed at organizations in high tech, telecoms, transportation, construction, and aerospace and defense, said FireEye.

APT3 has a history of introducing new browser-based exploits against commonly targeted software including Flash and Internet Explorer.

“After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control infrastructure is difficult to track, as there is little overlap across campaigns,” FireEye explained.

APT3 first came to prominence in a FireEye report dubbed Operation Clandestine Fox back in April 2014.

It initially targeted a zero day exploit aimed at IE9-11, but then switched tactics to aim a new threat at unsupported Windows XP machines running IE8.

third adaptation then saw the group blend social media with email-based social engineering techniques to trick users into downloading malware hidden in an attachment.

Mark James, security specialist at Eset, argued that the popularity of the Flash plug-in makes it one of the most widely targeted by attack groups.

“This is an excellent example of why you should be very aware of updates for software not only operating systems,” he added. “Checking to see if any updates are available and installing them immediately is the only way to help protect yourself in the minefield of the software world that we use today.”

What’s hot on Infosecurity Magazine?