Mozilla blocks vulnerable Adobe flash versions


A day after Facebook’s newly appointed Chief Security Officer Alex Stamos took to Twitter to call for more rapid moves to force Flash’s extinction as the plugin was reportedly being used to spread malware on users’ systems via security exploits, the head of Firefox Support has claimed to have blocked all the vulnerable versions of Adobe Flash in its Firefox browser.

On July 14, Mark Schmidt, head of Firefox Support posted on twitter, “BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.”

According to a news report published on TheNextWeb, three major Flash vulnerabilities were discovered during security firm Hacking Team’s leaked 400GB worth of documents, which allow malicious files to execute code and install malware on victims’ computers and product source code leaked online.

“Mozilla has noted that Flash will remain blocked until Adobe releases a version that isn’t being actively exploited by publicly known vulnerabilities,” the report read.

It is also said that Mozilla is trialing Shumway, an HTML5-based efficient renderer for the SWF format that’s used with Flash files.

Update your Adobe flash player to stay safe


Few days after Microsoft published a security advisory about a new critical security bug in IE that is being used in limited and targeted attacks, Adobe has issued an emergency security update to fix a critical vulnerability(CVE-2014-0515) in flash player.

Please note that it is completely unrelated to IE Exploit in which bug was in IE and the flash file(.swf) used for making the attack successful.  But, in this case, the bug exists in the flash player plugin. 

So, people who use vulnerable version of Adobe Flash player likely to be vulnerable to this attack.

If you are using windows or Mac, make sure you have the latest flash player version 13.0.0.206.  If you are using Linux, make sure to update to the latest version 11.2.202.356.

This new zero-day flash exploit was spotted as being used in Watering-hole attacks by researchers at Kaspersky Labs in early April.

According to SecureList, this flash exploit spread from a Syrian Justice Ministry website(jpic.gov.sy).  Researchers believe the attack was designed to compromise the computers of Syrian dissidents complaining about the government.

CVE-2012-1535: Adobe Flash player being exploited in the wild


A word document 'iPhone 5 Battery.doc' containing a malicious embedded flash file explotis the recently patched Adobe Flash player vulnerability(CVE-2012-1535), Alienvault researchers warns.

About CVE-2012-1535:Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content.

Once victim open the the malicious document , it will exploit the vulnerability and executes the shellcode. Once the payload is executed, it drops a malicious dll file. While executing the malicious code, the malware displays a genuine article about leaked iPhone 5 battery Images.

This backdoor is know as c0d0so0 and also Backdoor.Briba and it has been seen in other targeted attacks exploiting CVE-2012-0779 among others during the past few months.

The backdoor contacts the remote sever publicnews.mooo.com using a HTTP POST request and attempts to download an executable file encapsulated in a ZIP and disguised as a GIF.

"The use of Dynamic DNS providers like DynDNS.org , 3322.net.. is very common in this kind of threats. You should be monitoring the requests to dynamic dns providers in your network,"Researcher says.