UPDATE: After this article was published, Flash re-released another updated version, 220.127.116.11. This can be found by clicking here.
Users have been advised to update Adobe Flash as soon as possible following the discovery of a Neutrino exploit kit that is using a Flash zero-day exploit.
This exploit was revealed during the recent hacking of a company called ‘Hacking Team’, which “sells malware and spyware technology to governments and law enforcement and intelligence agencies”. Hacking Team were hit by an unknown user or users on 6/7/15, who took control of their Twitter page and posted links to a torrent file containing over 400GB of data, freely available for anyone to download. This data included passwords, client lists and the Neutrino exploit kit targeting Adobe Flash users.
Due to the detailed instructions and ease of use in this Neutrino exploit kit by Hacking Team, Malwarebytes senior security researcher Jérôme Segura has claimed it’s “one of the fastest documented cases of an immediate weaponisation in the wild”.
Adobe have since acknowledged this CVE-2015-5119 flaw, and are urging all users to update Adobe Flash as soon as possible to ensure they are protected. Users should update from any previous version of Adobe Flash to version 18.104.22.168 to remain protected against the exploit. Without this update, “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system”.
Some firewalls have already started catching this malware through their Intrusion Detection System (IDS), which automatically “monitors network or system activities for malicious activities or policy violations”. However, firewalls can only detect potential malware if they are running the latest relevant patches and updates, which contain the material needed to protect the end user. One firewall manufacturer that successfully identified the Neutrino exploit and released a patch to target it before others is Fortinet, through their FortiGuard Centre. FortiGate customers who subscribe to Fortinet’s intrusion prevention (IPS) service are automatically covered against this latest Adobe Flash exploit.
Another method of protection against such malware is to utilise a reliable patch management system that will capture any updated patches and either automatically install the update or notify the user with a recommendation to update their software manually.
Signal Networks have a proven record of providing impartial advice and of configuring and installing firewalls for many organisations, from SMEs through to large global corporations. Our services can also include a patch management system where we will monitor any security issues and software updates that are relevant to your working environment. Our comprehensive and accurate asset management system can also help determine whether all existing systems are accounted for when researching and processing information on patches and updates.
For more information, please contact us.