Adobe may have already patched a Flash Player vulnerability last week, but several users—especially those in the US, Canada, and the UK —are still currently exposed and are at risk of getting infected with CryptoWall 3.0. The Magnitude Exploit Kit included an exploit for the Flash vulnerability, allowing attackers to spread crypto-ransomware into their target systems.
The fix for the vulnerability was just released on June 9th. The exploit appeared June 15th.
This particular vulnerability, identified as CVE-2015-3105, was fixed as part of Adobe’s regular June Update for Adobe Flash Player which upgraded the software to version 18.0.0.160. However, many users are still running the previous version (17.0.0.188), which means that a lot of users are still at risk.
As of this week, these are the top 5 countries most affected by this threat:
- United States
- Canada
- UK
- Germany
- France
Ongoing Exploit Problem
This is another example of how cybercriminals rapidly take advantage of recently-patched vulnerabilities through exploit kits. We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released. We also noted earlier this month that Flash Player was being targeted more frequently by exploit kits, and that shows no sign of changing soon.
Widely-used exploit kits such as Magnitude are often well-maintained with new vulnerabilities. Our research on these tools reveals that Magnitude is one of the most used exploit kits by cybercriminals along with SweetOrange and Angler.
CryptoWall is also another notable threat in and of itself. We initially saw CryptoWall last year spreading through spam, and again later this year partnering with information stealing malware FAREIT.
For a more technical details, see the original Trend Micro blog:
Magnitude Exploit Kit Uses Newly Patched Adobe Vulnerability - US Most At Risk