Warning: Adobe Flash Zero Day CVE-2014-0515

broken-flashYesterday reports indicated that over 26% of Internet users were vulnerable to a new Internet Explorer zero day that will never be patched on Windows XP. In the shadow of this announcement, Adobe Systems made a statement of their own: Adobe Flash 13.0.0.182 and all earlier versions are also vulnerable to a critical, zero day vulnerability and need to be updated to version 13.0.0.206.

How to Stay Protected

Zero day CVE-2014-0515 currently affects all versions of Adobe Flash prior to and including 13.0.0.182.

To find out what version you are currently running, go to Adobe’s system checker, here: https://www.adobe.com/software/flash/about/

Most major browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox should have already updated automatically. If your browser hasn’t yet updated, try restarting it and then visiting Adobe’s system checker website again.

If after browser restart Flash still hasn’t updated, you can download the newest version of Flash (13.0.0.206) here: http://www.adobe.com/products/flashplayer/distribution3.html

Once you are running the latest version of Flash, you will be protected from this latest zero day.

Details About this Threat

CVE-2014-0515 was actually discovered in the wild, on a website owned by the Syrian Ministry of Justice – http://jpic.gov.sy/. This website is a forum where Syrian citizens can register complaints about injustices committed by Syrian officials. Targeting a large website like this, that attracts many users, is known as the watering hole technique. The watering hole technique works by “poisoning” one large source and thereby infecting numerous users who visit it. That a forum where users can register complaints about the Syrian government was utilized as a watering hole suggests that someone wanted to infect and perhaps monitor the computers of vocal dissidents. This further suggests that whoever was behind this attack was part of an Advanced Persistent Threat group, or an APT, which by definition is any highly organized group of malware authors that works together to specifically infect a high profile target.

While unfortunate for Syrian citizens, the fact that CVE-2014-0515 has been most likely exploited by an APT means that the majority of Internet users are not immediately vulnerable to infection; however, the zero day’s announcement is very likely to spawn many copycat attacks, and for this reason anyone running a vulnerable version of Flash should update as soon as possible.

Additional Steps to Protection

Disable Flash

This latest zero day is far from the first time Flash has been vulnerable to attack. Components of the media player were actually used in the latest IE zero day, and Flash actually saw a separate zero day only two months ago. Accordingly, many users choose to disable the plug-in entirely, and run it only when they need it and when they know they will be running it on a trusted website.

Download Emsisoft Anti-Malware

Emsisoft Anti-Malware provides 3 layers of protection. Layer 1 is called Surf Protection, and it automatically protects you from malicious websites like the one used to exploit this latest Adobe Flash zero day. Layer 2 is a dual engine malware scanner, and it recognizes over 12 million threats and is updated in real time. Layer 3 is Behavior Blocking technology, and it is our innovation, which is powerful enough to identify any unregistered variant attempting to maliciously modify your computer.

 Have a Great (Malware-Free) Day

Being choosy about your plug-ins and running a multi-layered anti-malware can make this happen – and when this happens you contribute to the vision of a Malware-Free World.