Yet another 0 day Flash exploit spreading ransomware

Elixer

If you are still using Flash, then get Flashblock, use an ad blocker, and set the Flash plugin to manual or deactivate it.

Die flash, die!


https://www.proofpoint.com/uk/threat-insight/post/killing-zero-day-in-the-egg
Summarizing the main findings of this analysis:

Magnitude EK was found to be exploiting a previously unreported vulnerability in Adobe Flash, now assigned CVE-2016-1019.
Due to a faulty implementation of the exploit, it was not targeting the latest, fully patched versions of Adobe Flash in a way that could result in infection.
The exploit has been in the wild since at least March 31, 2016.
The exploit was observed spreading the Cerber and Locky ransomware, among others.
There is evidence that Nuclear Pack was also equipped with code to exploit CVE-2016-1019 but did not run it against fully patched systems.
Adobe has issued an emergency patch and advisory (APSA16-01) for this vulnerability.

And here is what Adobe has to say:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
 

lxskllr

How does software that's no longer gaining features have so many exploits? I'd kind of like to see Flash stick around so they can fix it right. "You can't leave the table til your math homework's correct" :^D
 

TheRyuu

In the affected systems it mentions nothing about Windows 7.

I believe it only targets Windows 10. I don't know the technical reason for this behavior, that's just what they were reporting.

I'm curious what effect any of the Chrome sandboxing features has on this ransomware, and whether it provides protection or the ransomware defeats the sandboxing and other mitigations that can be applied to plugin processes. Although they seem to go into a little detail about the ransomware itself, they fail to mention anything about specific browsers, unless I missed something.
 

Mike64

lxskllr said:
How does software that's no longer gaining features have so many exploits? I'd kind of like to see Flash stick around so they can fix it right. "You can't leave the table til your math homework's correct" :^D
:eek::D:cool:
 

TheRyuu

lxskllr said:
How does software that's no longer gaining features have so many exploits? I'd kind of like to see Flash stick around so they can fix it right. "You can't leave the table til your math homework's correct" :^D

ActionScript?