FireEye recently provided details on a version of Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities. The information was provided by security researcher Kafeine at Proofpoint. In collaboration, FireEye analyzed the sample and discovered that Magnitude Exploit Kit was exploiting a previously unknown vulnerability in Adobe Flash Player. Both parties worked with Adobe to facilitate a speedy solution as successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Given the rise in ransomware attacks in recent months, it is important to note that, unlike most exploit kit activity, which relies on known vulnerabilities, this zero-day vulnerability was being used to distribute ransomware at the time of analysis.
This is not the first time that new exploit mitigation research has rendered a zero-day exploit ineffective. Exploit mitigations are an invaluable tool for the industry, and their ongoing development within some of the most widely targeted applications – such as Internet Explorer/Edge and Flash Player – changes the game.
Despite regular security updates, attackers continue to target Flash Player, primarily because of its ubiquity and cross-platform reach. While the in-the-wild exploit achieves remote code execution on recent versions of Flash Player, it fails on the latest version. Users of Flash Player are advised to ensure that they update to the latest version.