The creators of the popular Angler exploit KIT are known for being quick in integrating and exploiting zero-day vulnerabilities, this time they added an exploit related with the Flash player, the same version that was fixed two weeks ago by Adobe (17.0.0.188.).
The CVE-2015-3090 exploit is a memory corruption and was discovered and reported by Chris Evans of Google Project Zero.
“The exploit for CVE-2015-3090 involves a race condition in the shader class, in which asynchronously modifying the width/height of a shader object while starting a shader job will result in a memory corruption vulnerability. Angler uses this to execute arbitrary code and infect unpatched users’ systems,” reported FireEye in their last blog post.
The popular security researcher known by the name of Kafeine confirmed that also the exploit for CVE-2015-3090 was added to Angler Kit.
“As spotted by FireEye Angler EK is now exploiting CVE-2015-3090 patched with Flash 17.0.0.188” wrote Kafeine.
The way that the exploit work is:
Kafeine during his tests was able to exploit the flaw and serve the Bedep malware on the infected machines (normally Angler exploit kit uses Bedep in Flash player vulnerabilities).
Bedep was also explained in detail in a previous Fireye post, and it’s a “highly active malvertising operation involving Bedep ad fraud activity and malicious redirection to Exploit Kits (EK) via a multitude of advertising and search-affiliated domains.”
Experts at Trustwave observed a group of cyber criminals helping spread pro-Russia propaganda by inflating video views with a malvertising campaign. The threat actors behind the malvertising campaign used the Angler exploit kit to infect victims with the Bedep trojan, recently used to hit also the adult web site xHamster. According to the experts, the victims were infected after they visited a tourism website that hosted the Angler exploit kit.
I guess that we will not need to wait a lot to have more news about Angler kit.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – Angler Exploit Kit, malware)
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
This website uses cookies.