Adobe Flash ZeroDay Exploit in the wild

Kaspersky Labs (the one that says over and over that 20xx is “The Year of the Mac Virus”, where xx = 03 through 15 so far) has released a study about a piece of malware it recently uncovered that is groundbreaking in many ways.  It is ALMOST undetectable, and its operators have been infecting machines for over 14 years.

If you like reading an analysis that reads more like a spy novel, the actual report is here.  A more accessible article was posted to Ars Technica on Feb 16, 2015.

“The discovery of the Equation Group is significant because this omnipotent cyber espionage entity managed to stay under the radar for almost 15 years, if not more,” Raiu said. “Their incredible skills and high tech abilities, such as infecting hard drive firmware on a dozen different brands, are unique across all the actors we have seen and second to none. As we discover more and more advanced threat actors, we understand just how little we know. It also makes us reflect about how many other things remain hidden or unknown.”

Kaspersky also claims that iOS and MacOS systems have been infected:

Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.

It will be interesting to see if this discovery of Kaspersky Labs turns out to be something more than the active imagination of a FUD-dealing protection peddler.

Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 16.0.0.305 and 13.0.0.269.

Time to update your Flash Player once again.  If you run Windows, you should do it too, because Microsoft is content to let you run out-of-date, vulnerable versions for years.
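If you manage a few Macs, it helps to be able to tell which installed Flash Player versions Apple's block list (quoted above) would disable. The check below is an added example, not code from this post or from Apple; it assumes the 13.0.0.269 threshold applies to the 13.x branch and 16.0.0.305 to every other branch, and compares versions as integer tuples rather than strings, which is where such checks usually go wrong.

```python
# Added example: does a Flash Player version fall under Apple's plug-in block?
# Thresholds are the two quoted in the post. Assumption: 13.0.0.269 governs the
# 13.x branch only; all other branches are measured against 16.0.0.305.
import re

MIN_VERSION_BY_BRANCH = {13: (13, 0, 0, 269)}
MIN_VERSION_DEFAULT = (16, 0, 0, 305)

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Turn '16.0.0.305' into (16, 0, 0, 305). Integer tuples compare correctly;
    raw strings do not ('9.0.0.1' sorts after '16.0.0.305' lexically)."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_blocked(version_text):
    """True if the quoted block rule would disable this version."""
    version = parse_version(version_text)
    minimum = MIN_VERSION_BY_BRANCH.get(version[0], MIN_VERSION_DEFAULT)
    return version < minimum


def audit(version_texts):
    """Map each version string to 'blocked', 'allowed' or 'unparseable',
    so a list gathered from an inventory can be reviewed in one pass."""
    report = {}
    for text in version_texts:
        try:
            report[text] = "blocked" if is_blocked(text) else "allowed"
        except ValueError:
            report[text] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real data from any machine.
    sample = ["16.0.0.305", "16.0.0.296", "13.0.0.269", "13.0.0.262",
              "15.0.0.246", "9.0.0.1", "16.0.0"]
    for version, status in audit(sample).items():
        print(f"{version:>12}  {status}")
```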

Trend Micro has identified a new Flash ZeroDay exploit.

ZeroDay? Whatchootalkinaboutwillis?

A ZeroDay Exploit is an attack on a newly discovered bug in an application like Adobe Flash for which no protective or ameliorative patch is available yet.  This means “YOU ARE AT HIGH RISK OF BEING COMPROMISED”.  This one is a real problem, because the attack vector relies on infected ads served on otherwise trusted sites.

What can you do?

Install the latest patch whenever Adobe releases it.  Limit your web browsing, and don’t think you are impervious to exploit.

You can read more about the exploit here on Trend Micro’s blog.