Adobe Flash Player Zero-Day Used by Chinese Cyber Espionage Group

Posted: June 23, 2015 in Tech
Tags: ,

Hacker-Isloate

Victims are lured with a generic phishing email whose text is very similar to spam messages. In an example provided by FireEye the bait used was an offer for a refurbished iMac system certified by Apple, with a discount between $200 and $450 (€180 – €400); the email further enticed the recipient with availability of one-year extendable warranty for the product.

Clicking on the provided link redirected to a server with scripts that checked if the visitor’s computer was worth compromising. If it presented no interest, the user would receive non-harmful content; otherwise, the victim was served malicious SWF and FLV files. The vulnerability exploited in the attack is a heap buffer overflow, now identified as CVE-2015-3113.

FireEye says that the attack code relies on common vector corruption techniques to get past the Address Space Layout Randomization (ASLR) protection from buffer overflow events; it also relies on a new ROP (Return-Oriented Programming) technique to bypass Data Execution Prevention (DEP) and other protection mechanisms, such as ROP detection.

The latest campaign from APT3 has dubbed Operation Clandestine Wolf and the researchers say that it is also responsible for other previously identified campaigns (Operation Clandestine Fox) and it is known for producing browser-based zero-day exploits for Internet Explorer, Firefox and Flash Player.

Source: [Softpedia]

Advertisements
Comments
  1. […] and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s