New Angler exploit kit includes a Flash zero-Day

The French security expert Kafeine has discovered an unpatched vulnerability (0day) in Flash Player is being exploited by Angler Exploit Kit.

The Angler exploit kit is one of the most popular crimeware kit and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flash zero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploit three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 16.0.0.257) in several versions of Internet Explorer running on Windows 7 and Windows 8.

This new version of the Angler exploit kit includes also the code to exploit two known bugs, the researcher that he first discovered the exploit for the zero-day in Flash on Wednesday and that it is being used in the wild to install a the Bedep malware.

• Windows XP, IE6 to 9 obviously. Flash 16.0.0.257
• Windows 7, IE8 , Flash 16.0.0.257 : UA : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
• Win 8 IE10 with Windows8-RT-KB3008925-x86 (Flash 16.0.0.235) -UA : Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)

Kafeine has verified that IE 10 on Windows 8, IE 8 on Windows 7 and IE 6-9 on Windows XP all are being exploited, meanwhile Chrome safe such as a fully patched Windows 8.1. Kafeine hasn’t disclosed the MD5 of the new exploit, he is suggesting to disable Flash Player since the flaw will be fixed.

“Disabling Flash player for some days might be a good idea,” he said.

Adobe declared that it is aware of the new Angler exploit kit and is already investigating it.

Pierluigi Paganini

(Security Affairs – Angler exploit kit, malware)