An exploit kit named “Angler” is currently using an unpatched Flash 0-day to install malware.
According to the SANS Institute, current versions of Windows may be vulnerable, although Windows 8.1 and Google Chrome do not appear to be. “Typically we see these exploits more in targeted attacks, not in widely used exploit kits,” it said. “This flaw could affect a large number of users very quickly.”
French security researcher Kafeine spotted the version of the Angler kit and said that he first saw the exploit for the Flash zero-day on Wednesday; it is being used to install a piece of malware known as Bedep, Threatpost reported.
Kafeine has not published the MD5 of the new exploit yet, but he said users may want to take precautions until Adobe has a fix available for the vulnerability. “Disabling Flash player for some days might be a good idea,” he said.
An Adobe spokesman said that the company is aware of the report and is investigating it.
Pedro Bustamante, director of special projects at Malwarebytes, said: “The zero-day vulnerability in Flash Player could provide a big security risk for internet users, effectively opening an unguarded window onto PCs worldwide.
“The fact that it has seemingly been integrated into the Angler Exploit Kit shows that criminals are keen to use it to target people and businesses en masse. Using a delivery mechanism such as Angler increases the chance of successful infections, allowing for accurate attacks through infected adverts on high-traffic websites.
“The danger of any zero-day is that there is no patch in existence, so I would recommend caution from web users until a confirmation and update is issued. We would also urge people to update security software and download Malwarebytes Anti-Exploit Free which, as pointed out by Kafeine, protects against this attack.”