Slashdot Mirror


Emergency Adobe Flash Patch Fixes Zero-Day Under Attack

msm1267 writes: Adobe has released an emergency patch for a Flash zero-day used in targeted attacks by APT3, the same group behind 2014's Clandestine Fox attacks. Adobe said Flash Player 18.0.0.161 and earlier for Windows and Macintosh systems are affected, as is 11.2.202.466 for Linux 11.x versions.

The current iteration of Clandestine Fox attacks shares many traits with last year's attacks, including generic, almost spam-like phishing emails intent on snaring as many victims as possible that can be analyzed for their value before additional attacks are carried out. The two campaigns also share the same custom backdoor called SHOTPUT, as well as an insistence on using a throwaway command and control infrastructure.

71 comments

  1. Relation to CryptoWall virus? by DigiShaman · · Score: 1

    Any relation to the CryptoWall virus? So far three companies that I know of got hit hard by this SOB. I've blocked TOR and i2P traffic in an attempt to break future contact between infected computers and its botnet/C&C servers. CryptoWall is a nasty motherfucker!

    --
    Life is not for the lazy.
    1. Re:Relation to CryptoWall virus? by gweihir · · Score: 1

      Actually, a tall whiskey now and then makes the Flu quite a bit more bearable. I do agree on your intended meaning though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Relation to CryptoWall virus? by Anonymous Coward · · Score: 0

      I still don't get why this isn't filtered / stopped on a national level. Surely the cost would be justified in savings to the masses.

    3. Re:Relation to CryptoWall virus? by Penguinisto · · Score: 1

      I still don't get why this isn't filtered / stopped on a national level. Surely the cost would be justified in savings to the masses.

      Protocol spoofing, VPNs... yeah, good luck with that.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re:Relation to CryptoWall virus? by iMouse · · Score: 1

      We started seeing exploits of Flash Player (CVE-2015-3105) containing CryptoWall payloads last week. This new one probably has the ability to carry out a very similar payload, but is instead concentrating on backdoor access, potentially for botnet building or data extraction.

    5. Re: Relation to CryptoWall virus? by Redmancometh · · Score: 1

      Are you insane? From a business standpoint they don't give a shit about your privacy. If anything it should have already been blocked.

  2. disable flash! by Gravis+Zero · · Score: 5, Insightful

    i said it before and i'll say it again.

    there are very few reasons to keep flash installed/enabled. if you must have it, use flashblock but chances are you can just disable/remove it completely. if some site still uses flash to play video, leave a complaint in the comments. those that haven't switched to html5 yet will do so soon enough.

    if you still have java plugin installed, you better have a good reason because no (sane) sites use that shit.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:disable flash! by NotInHere · · Score: 1

      Disabling since 2011 and very unhappy with site adoption. At least if the site is popular, it's targeted with 3rd party software, like twitch for example.

    2. Re:disable flash! by grimmjeeper · · Score: 1

      Yep. Keeping flash installed and running on your computer is like going around licking people in the infectious disease ward in the hospital.

    3. Re:disable flash! by catsRus · · Score: 1

      LOL Great comment, Flash is trash, and it must die a painful death.

    4. Re:disable flash! by DigiShaman · · Score: 1

      Many financial sites require Java and Acrobat Reader. And then there's the Trusteer Rapport application which locks down your browser communication. I can't say it doesn't do the job at security, but it really fucks with accessing certain other websites and features embedded.

      These financial institutions should have two physical computers. One dedicated to accessing only certain sites with JRE, Acrobat, and Flash, and another for everyday other usage scenarios.

      --
      Life is not for the lazy.
    5. Re:disable flash! by gweihir · · Score: 1

      You are quite right. Flash is un-fixable. I de-installed and disabled it some months ago because I was finally fed up.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:disable flash! by Kjella · · Score: 1

      Click to play will protect you against most exploits, since they usually depend on either a) redirects to random malware page or b) infecting ad banners. Sadly there's a lot of decent content built on last decade's technology. And some that are adopting that tech today, but I can't really say more....

      --
      Live today, because you never know what tomorrow brings
    7. Re:disable flash! by Anonymous Coward · · Score: 0

      But both firefox and chrom* have a click-to-play feature

    8. Re: disable flash! by Anonymous Coward · · Score: 0

      WHAT financial sites and why are you using them?!

    9. Re:disable flash! by gstoddart · · Score: 1

      Except for work computers, which almost always require at least one annoying thing per year which needs Flash ... I've had Flash disabled or simply not installed for as long as there has existed Flash.

      Because it's been a horribly broken security hole since it has existed.

      My solution to broken videos that require Flash? I simply don't give a damn.

      I'm sure there are things people feel they can't live without that require Flash ... for me, I have yet to find a single one.

      After over a decade of simply not using Flash, I don't really feel like I've missed much.

      --
      Lost at C:>. Found at C.
    10. Re: disable flash! by Anonymous Coward · · Score: 0

      The Federal Reserve comes to mind as does multiple county appraisal district web sites for Java and Acrobat. At the moment, I don't recall about a Flash requirement. Some Federal Reserve sites also require the use of a USB dongle.

    11. Re:disable flash! by jbmartin6 · · Score: 1

      Except for exploits, including the one in the article, which use Flash embedded in Word and other documents sent by email. The HTTP browser isn't the only application which can use Flash content.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    12. Re:disable flash! by Somebody+Is+Using+My · · Score: 1

      I finally removed Flash two weeks ago. Even with white-listing and Flashblock/Click-to-Enable, the few video sites and online apps that use it weren't worth the continued risk of having it installed. Occasionally I run across a site that requires Flash, but these are rare enough that I can skip by the site without too much worry (if I really /really/ need to access a Flash-enabled site, I'll just fire up a virtual image and install Flash on that).

      Only downside is that controls for HTML5-video aren't quite as strict as Flashblock; there's too much video sneaking through these days. Flashblock isn't quite up to that task yet. Still, better that than Flash.

    13. Re:disable flash! by dos1 · · Score: 1

      On my system, it is.

    14. Re:disable flash! by Anonymous Coward · · Score: 0

      PINGTEST.NET requires the java plugin, do you know a better or different site to do that test?

    15. Re:disable flash! by Anonymous Coward · · Score: 0

      HTML5 click to play is not going to arrive until Firefox 41.

      Until then, anyone using a tabbed browser will be better off with Flash, which has had click to play for a couple of years. The mumbo-jumbo that comes out of several audio streams playing at the same time is not useful in any way.

      Besides, Youtube may have switched to HTML5 video, but the other tubes have not.

    16. Re:disable flash! by Anonymous Coward · · Score: 0

      Yeah except that last year Firefox, Chrome and IE (obvs) all had more security vulnerabilities than Flash
      source: https://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

  3. Flash by Anonymous Coward · · Score: 0

    Stop using Flash, please. Let it die. Kill it like Silverlight. Please. Flash updater on Mac is complete shit. To get the new one requires a complete uninstall. And Adobe insists on the use of their shitty buggy updater that stops at 25% every time for installation - and they stopped posting the ftp link for the new one - I can't even get to their repository via ftp anymore. And following their advice (like turning off all my security, firewalls, etc ...!!!) does not fucking work.

    The incompetence and stupidity of the Flash developers is causing all of this.

    That's why I fucking block Flash. If your website cannot work properly without it, then you are incompetent.

    Complete and utter stupidity. If I could, I would fire every goddamn person on the entire Flash team. You people deserve - including management - to be replaced by H1-bs. Actually, Mexican farm laborers could do better.

    Same goes for the morons on Java ....

    CAPTCHA: candid

    1. Re:Flash by Anonymous Coward · · Score: 0

      Many of the legacy applications on our company intranet still require flash; we cannot turn it off until those are completely redone. I have no idea when that might happen but it's not in this year's budget anyway. And I know at least one of the banks I do business with requires it, not for secure functions, but you cannot get to the secure portion of the site unless you pass through the portal that has flash and there is no way to do that if you don't have it installed. I suspect I'm in the same boat as a lot of people - I don't want to use it and I know I shouldn't, but I really don't have an alternative.

    2. Re: Flash by Anonymous Coward · · Score: 0

      Change bank.

    3. Re:Flash by Anonymous Coward · · Score: 0

      Many of the legacy applications on our company intranet still require flash; we cannot turn it off until those are completely redone. I have no idea when that might happen but it's not in this year's budget anyway.

      You need to find a job.

    4. Re:Flash by Grishnakh · · Score: 1

      As long as he's getting paid well, why should he change? (Unless something better comes along of course.) This isn't his personal computer, it's his work computer. If you have shitty software on your work PC and it causes problems, who cares; just call IT, and when your manager complains about slipped schedules you can blame the crapware and IT.

      For personal stuff though, you can't blame others when flash fucks up your PC. So he should find another bank.

    5. Re:Flash by Anonymous Coward · · Score: 0

      And Adobe insists on the use of their shitty buggy updater that stops at 25% every time for installation - and they stopped posting the ftp link for the new one - I can't even get to their repository via ftp anymore.

      Adobe provides real full installers, no bullshit stubs: https://www.adobe.com/products/flashplayer/distribution3.html

      They just hide them very well. Fuck Adobe and fuck Flash.

  4. not another one. FUCK! by AndyKron · · Score: 1, Insightful

    Fuck. Another goddamn Adobe update? Fuck Adobe updates.

    1. Re:not another one. FUCK! by Anonymous Coward · · Score: 0

      Fuck. Another goddamn Adobe update? Fuck Adobe updates.

      Of course. Another day, another Adobe update for a critical vulnerability. As surely as the sun will rise.

    2. Re:not another one. FUCK! by geekmux · · Score: 1

      Fuck. Another goddamn Adobe update? Fuck Adobe updates.

      Are you new to Adobe, Windows, or just computers in general?

      Dunno how the hell you're gonna survive the future when your fucking toilet is gonna need a weekly update to avoid those shitty vulns.

      Yeah, yeah, yeah...I know it's just a smart toilet. It was in the EULA. Right there on page 743. You should learn to read those things.

    3. Re:not another one. FUCK! by Anonymous Coward · · Score: 0

      The issue is that Flash's functionality hasn't changed in years, but it needs a security update every other week. You'd think that Adobe could have sorted that all out by now. If this is the quality of a simple playback plug-in, what conclusion can be drawn about the quality of the rest of their software?

    4. Re:not another one. FUCK! by Megane · · Score: 1

      I just got an update downloaded like two days ago for 18.0.0.160 and hadn't installed it yet. Now it's already two numbers obsolete? And the number one use of this festering pile is to deliver ads that take over your page and scream at you.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    5. Re:not another one. FUCK! by geekmux · · Score: 2

      The issue is that Flash's functionality hasn't changed in years, but it needs a security update every other week. You'd think that Adobe could have sorted that all out by now. If this is the quality of a simple playback plug-in, what conclusion can be drawn about the quality of the rest of their software?

      Adobe Acrobat Reader v5 was about 15MB in total size after installation.

      Adobe Acrobat Reader v11 is over 400MB in total size after installation.

      I really don't think there's any question as to the quality of their shitty bloatware.

      In fact, one could argue the main functionality that Adobe has brought to the desktop and browser in the last 10 years is plenty of attack vectors.

      And all this bloatware bundling bullshit won't go away until we start holding vendors accountable for the vulnerabilities they create.

    6. Re:not another one. FUCK! by ArcadeMan · · Score: 1

      Yeah, yeah, yeah...I know it's just a smart toilet. It was in the EULA. Right there on page 743. You should learn to read those things.

      You may be joking, but now I'm really wondering if toilets in Japan can have their firmware updated, etc.

    7. Re:not another one. FUCK! by Anonymous Coward · · Score: 1

      Adobe Acrobat Reader v11 is over 400MB in total size after installation.

      I just want to know - if there's anybody from Adobe still here, what the blueberry fuck is all that shit supposed to be doing? A fucking PDF reader. Half a fucking gigabyte. What. The. Blueberry. Fuck.

    8. Re:not another one. FUCK! by Mashiki · · Score: 2

      Oh it gets better. Since the last release, they now force McAfee on you.

      --
      Om, nomnomnom...
    9. Re:not another one. FUCK! by gnupun · · Score: 1

      If only Flash had been implemented in a safer programming language, like Pascal, these bugs would've been rare and few. But all the macho programmers love C/C++, so more vulnerabilities and updates for you every day.

  5. Simpler fix: uninstall by Anonymous Coward · · Score: 2, Insightful

    Youtube uses HTML5 now. Why does anyone still have a reason to use flash? (I mean besides for watching pr0n, which you do inside a virtual machine, and you restore to a checkpoint afterwards to completely avoid any possibility of malware infestation or cross-session cookies, right?)

    tl;dr: Uninstall flash. You don't need it anymore.

    1. Re:Simpler fix: uninstall by Anonymous Coward · · Score: 0

      What I find really annoying is some of the better porn sites require flash on windows/linux, yet if I browse them on my iPad it magically works without it...

    2. Re:Simpler fix: uninstall by Anonymous Coward · · Score: 0

      So which version of Firefox will support HTML5 video on Youtube and doesn't come with Pocket?

    3. Re:Simpler fix: uninstall by Anonymous Coward · · Score: 0

      You *do* know you can disable Pocket, or simply not use it, right?

    4. Re: Simpler fix: uninstall by Anonymous Coward · · Score: 0

      So then set your user agent to say it's Safari for iOS?

    5. Re:Simpler fix: uninstall by Actually,+I+do+RTFA · · Score: 1

      You can get porn over HTML5.

      But Hulu and Netflix both still require 3rd party plugins (Flash, Silverlight)... if I recall correctly.

      --
      Your ad here. Ask me how!
    6. Re:Simpler fix: uninstall by Gizan · · Score: 1

      Youtube isn't HTML5 default like it claims. I recently had problems with youtube after a new chrome install, and it was still on flash; now I have it forced to html5.

    7. Re:Simpler fix: uninstall by Anonymous Coward · · Score: 0

      The one before they added Pocket.

    8. Re:Simpler fix: uninstall by ShaunC · · Score: 3, Informative

      Youtube uses HTML5 now. Why does anyone still have a reason to use flash?

      Most functionally useful weather radars, including NOAA's, require Flash. My state's Department of Transportation uses Flash for their traffic cameras. Livestream.com, which hosts my local TV news broadcasts along with other stuff like SpaceX launches, is still Flash. And if I want to view any cable TV programming on the computer, Comcast's player is Flash based.

      I'd love to have uninstalled Flash a long time ago; for the time being I have to keep it around and use Flashblock.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    9. Re:Simpler fix: uninstall by MrL0G1C · · Score: 1

      Except for some youtube embeds - they still require flash to use. I have to enable flash for pages pretty regularly.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  6. Irrelevant by Anonymous Coward · · Score: 0

    I fixed this issue long before it could become a problem: Remove Flash.

  7. vmware vsphere is still flash based by Anonymous Coward · · Score: 1

    vmware vsphere is still flash based

    1. Re:vmware vsphere is still flash based by Anonymous Coward · · Score: 0

      Flash has been integrated into IE since version 10, and in Google Chrome for quite some time. Those two environments may be quite sandboxed, but the flaws still exist. VSphere's blasphemous management tool will continue to be supported for some time to come.

    2. Re:vmware vsphere is still flash based by Anonymous Coward · · Score: 0

      Which says a lot about vmware software right there.

    3. Re:vmware vsphere is still flash based by Penguinisto · · Score: 1

      Even worse - no more C-based fat client from which to avoid using Flash.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
  8. The unwashed masses by stoned_ritual · · Score: 1

    need to crush their candy and blitz their jewels.

  9. Ok, I'm confused. by fuzzyfuzzyfungus · · Score: 1

    How does Adobe distinguish between 'normal' and 'emergency' when it comes to attacks facilitated by the Adobe Malware Runtime?

  10. Fortunately, I do not need to care by gweihir · · Score: 2

    I have de-installed the "Flash" malware some time ago and it will _not_ find its way on my computer again. This thing is a solution for nothing, but a persistent problem. It really is a pity, Adobe used to make good software. Not anymore.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Fortunately, I do not need to care by Anonymous Coward · · Score: 0

      And how do you watch porn? Are there any html5 porn sites? (serious question)

    2. Re:Fortunately, I do not need to care by Anonymous Coward · · Score: 0

      Lots of them, as long as you somehow trick them into thinking you're on an iPad.

    3. Re:Fortunately, I do not need to care by Anonymous Coward · · Score: 0

      Yeah, no one would ever look to Photoshop or Illustrator. They are gone with the dinosaurs... or?

  11. Nuremburg 2.0 by ThatsNotPudding · · Score: 1

    I look forward to the Flash programmers soon being tried for their crimes against humanity.

    Hmm. Maybe not, as it will probably be broadcast using Flash.

  12. Why is flash still a thing? by Anonymous Coward · · Score: 0

    Let it die already. It serves no valid purpose any longer; it's perpetuated by hangers-on and 'web designers' without the capacity to learn new things.

  13. APT3 by SeaFox · · Score: 1

    If they were a female hacker group, they should have taken the name APT3-G. That would have made the "Clandestine Fox" attack even more deliciously-named.

  14. Grammar Anybody??? by Anonymous Coward · · Score: 0

    What the fuck is the title saying?

  15. Why can't it auto-update? by CODiNE · · Score: 1

    Drives me nuts every week or so asking me to install updates. It's a stupid pop-up updater app that gets triggered when a page with flash is loaded.

    Yes I understand that running a browser non-stop for weeks goes against their updating philosophy. Too bad. The constant "Update now!" alerts just make their users more likely to fall for phishing scams.

    Instead, if you can't update your plugin on already loaded pages... Refactor your app.

    Make the bit loaded by the browser a wrapper that can allow its back end to update when convenient. Otherwise everyone who uses tabs is going to hate you. (Those who don't already)

    --
    Cwm, fjord-bank glyphs vext quiz
    1. Re:Why can't it auto-update? by Virtucon · · Score: 1

      update now, reboot.. FTFY

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  16. Plugin check page broken by MrL0G1C · · Score: 1

    Mozilla couldn't run a piss-up in a brewery these days, I went to the plugin check page and it is broken, no plugin check, no link to adobe.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  17. People are going to use it by WoodburyMan · · Score: 1

    Despite me or my predecessor not loading Flash onto any systems we image and put out, I found it's on about 85% of our users' systems. Today I finally caved after seeing this and pushed the latest MSI from Adobe with this patch included out via GPO. Nearest I figure you're better controlling the beast than letting it run rampant, and make sure users stay up to date. Tomorrow I will be checking with management and pushing the Chrome MSI as well to force users to use Chrome for all non local-Intranet sites.