Security software vendor Trend Micro has identified yet another Adobe Flash Player zero-day vulnerability that is being actively exploited. Confirmed by Adobe and currently unpatched, this new vulnerability puts more than 1 billion connected desktops running the current version of Adobe Flash at risk.
In a blog post just released, Trend Micro explains how this vulnerability resembles the one disclosed last week that affected Adobe's Flash product on Microsoft Windows.
“Just like that situation, the attacks are being carried out through compromised online advertisements, a technique sometimes called malvertising,” said Christopher Budd, Trend Micro’s global threat communications manager.
Trend Micro researchers have found that today's attack dates back to at least Jan. 14, 2015, with increased activity beginning Jan. 27, 2015. "We've seen 3,294 hits of a known, compromised site. These latest attacks appear so far to be primarily affecting users in the United States," said Budd.
Trend's security experts are warning those without adequate security systems to disable the Adobe Flash player until a patch is issued and available to download.
Trend Micro has some solutions for Australian customers and channel partners wishing to mitigate this:
The Browser Exploit Prevention (BEP) feature in Trend Micro endpoint solutions (such as Trend Micro Worry-Free Business Security and Trend Micro OfficeScan) blocks the exploit when the URL hosting it is accessed. BEP also protects against other exploits that target browsers or related plugins.
Trend Micro Deep Security, Vulnerability Protection (formerly the IDF plug-in for OfficeScan), and Deep Discovery customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro will be releasing the following rules and patterns for proactive protection:
- Deep Security rule DSRU15-004;
- Deep Packet Inspection (DPI) rule 1006468 for Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers; and
- The existing Sandbox and Script Analyzer engine that is part of Deep Discovery, which can also detect this threat without any engine or pattern update.
Administrators looking to block Flash can specifically block the affected versions from running, or even lock down their endpoints so that only specific applications and their updates can run, using Trend Micro Endpoint Application Control. A lockdown policy of this kind therefore blocks all unwanted applications, including any malware, from executing on the endpoint.
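One way an administrator can carry out the interim measure described above (check the installed Flash version and block the player until a patch ships), as an added PowerShell example that is not Trend Micro's code or part of the original article: it reads the installed Flash Player versions from the registry locations Adobe's installer writes, flags any below a threshold, and optionally sets the Internet Explorer kill bit for the Flash ActiveX control. The threshold is a placeholder to be filled in from Adobe's advisory, since this article gives no version numbers; the registry paths and the CLSID are assumed from Adobe's and Microsoft's documentation.

```powershell
# Added example (not Trend Micro's code): report installed Flash Player versions and,
# with -SetKillBit, stop Internet Explorer from loading the Flash ActiveX control.
param(
    # PLACEHOLDER: set to the fixed build from Adobe's advisory; the article gives none.
    [string]$MinimumSafeVersion = '0.0.0.0',
    [switch]$SetKillBit
)

# Registry keys Adobe's installer writes (ActiveX for IE, plugin for other browsers),
# including the WOW6432Node views on 64-bit Windows. Assumed from Adobe's documentation.
$flashKeys = @(
    'HKLM:\SOFTWARE\Macromedia\FlashPlayerActiveX',
    'HKLM:\SOFTWARE\Macromedia\FlashPlayerPlugin',
    'HKLM:\SOFTWARE\WOW6432Node\Macromedia\FlashPlayerActiveX',
    'HKLM:\SOFTWARE\WOW6432Node\Macromedia\FlashPlayerPlugin'
)

function Get-FlashInstalls {
    foreach ($key in $flashKeys) {
        if (-not (Test-Path $key)) { continue }
        $v = (Get-ItemProperty -Path $key -Name Version -ErrorAction SilentlyContinue).Version
        if ($v) {
            [pscustomobject]@{
                Key        = $key
                Version    = [version]$v
                Vulnerable = ([version]$v -lt [version]$MinimumSafeVersion)
            }
        }
    }
}

$installs = @(Get-FlashInstalls)
$installs | Format-Table -AutoSize

# CLSID of the Flash Player ActiveX control. Writing Compatibility Flags = 0x400 under
# "ActiveX Compatibility" is Microsoft's documented kill-bit mechanism, which prevents
# IE from instantiating the control; remove the value again once a patched build is installed.
$clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'
$killBitKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

if ($SetKillBit -and ($installs | Where-Object { $_.Vulnerable })) {
    foreach ($k in $killBitKeys) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        Set-ItemProperty -Path $k -Name 'Compatibility Flags' -Value 0x400 -Type DWord
    }
    Write-Output "Kill bit set for the Flash ActiveX control on this endpoint."
}
```

Run it from an elevated PowerShell session, as the kill-bit keys live under HKLM; without -SetKillBit it only reports what is installed.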