Adobe Flash Player's extra security measures broken in less than a month

Additional security measures added to Adobe Flash Player earlier this month have been circumvented already. The measures were added to make it harder to exploit vulnerabilities in the Flash browser plugins.

myce-adobe-flash

ADVERTISEMENT

Cybercriminals have developed an exploit for a leak that Adobe patched earlier this month. Through the vulnerability unpatched computers can be infected with malware, just like with previous vulnerabilities. It's a trend to release exploits quickly after a security update for a vulnerability is released. The Flash updates allowed cybercriminals to find out what kind of vulnerabilities were patched. And these vulnerabilities were then used to infect users who hadn't updated yet.

After the release of a better protected version of Flash Player, cybercriminals shifted their attention to Internet Explorer and no exploits for Flash appeared anymore.

It seems that shift was only temporarily. Security researcher Kafeine from the blog 'Malware don't need coffee' reports that the now discovered exploit has been added to the Angler exploit kit and exploits a vulnerability in Flash Player 18.0.0.209.

ADVERTISEMENT

In case the attack is successful the exploit kit will installed a Bedep Trojan and makes the computer part of a botnet. This botnet can then install additional malware to use the computer for all kinds of purposes, like click fraud or sending SPAM.

No posts to display