Adobe Flash zero-day vulnerability discovered
Authored by a Symantec employee
A new zero-day vulnerability has been discovered in Adobe Flash. Security researcher Kafeine reports that this vulnerability is currently being exploited in the wild.
The term zero-day refers to an unknown vulnerability or an exploit in a software program that the developer of the software is newly aware of, and has not had the time to address and patch. Zero-days are particularly troublesome because they often present an open window during which cybercriminals can operate unchallenged. Because of this, zero-days are prized by cybercriminals who have knowledge of them and are used for as long and as quietly as possible.
In this case, the zero-day vulnerability was found in Adobe Flash, a widely distributed software application. Just as troubling, working exploits used to take advantage of this vulnerability were discovered in the Angler Exploit Kit, which is one of many tools sold on the underground market that help criminals commit cybercrime.
The Angler Exploit Kit uses this zero-day vulnerability in Adobe Flash to install malware onto a computer, and it targets the latest version of Adobe Flash (version 126.96.36.1997). Simply visiting a compromised website can install malware onto a machine via the exploit. No action is needed on the user’s part to become infected. While Adobe is aware of this newly discovered vulnerability, it has not issued a security advisory for it.
The exploit has already been used in a drive-by download campaign that attempts to deliver malware to the victim’s computer through malicious advertising (malvertising). The malicious adverts redirected through a series of sites that eventually led to the exploit code.
Does this vulnerability affect me?
Norton experts say that it’s important that users remain alert to stay protected from this vulnerability, as it targets the current version of Adobe Flash, which is widely used. Symantec considers this a severe incident, as it has the potential to affect a large number of users.
Testing performed by Kafeine concludes that the following products are affected:
- Internet Explorer versions 6 through 10
- Windows XP (Internet Explorer versions 6-8)
- Windows 7 (Internet Explorer version 8)
- Windows 8 (Internet Explorer version 10)
- Firefox browser
Fully patched versions of Windows 8.1 and the Google Chrome browser do not appear to be affected at this time.
How do I stay protected?
Prior to its disclosure, Symantec products were already blocking versions of the Angler exploit kit known to be attempting to exploit this vulnerability. We can also confirm that the latest version of Norton products protects against the Shockwave Flash (SWF) file being used in the attack, which is detected as Trojan.Swifi. However, more research is still being conducted on the vulnerability by Symantec’s Security Response team.
Web browser technology can accommodate additional functionality through third-party plugins and extensions. Just like any software, these plugins can contain vulnerabilities that can be exploited. As a best practice, we recommend that users reduce their exposure to vulnerabilities by turning off any plugins or extensions that they do not use on a regular basis.
Please note that this is a developing story. We will continue to update this story as our Norton security research teams learn more.
UPDATE: Adobe has released a patch for this vulnerability. To learn how to update your Flash Player, go here.