Angler plonks August’s Flash feeding frenzy into its boat

If you’re not patching Flash you’re even stupider than those who still rely on it

Crooks behind the world’s worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite’s long list of attack vectors.

Angler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs.

French malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors.

It affects unpatched Adobe Flash Player and Air installations on all operating systems.

Adobe predicted the mess in its last patch run, urging admins to install the updates if users aren’t already receiving automatic upgrades. The company also slapped the “panic now!” severity rating of one due to the recent vulns due to its appeal to net scum like Angler’s authors.

Angler is devastating. About 40 per cent of users who encounter it are compromised, according to Cisco, thanks to its regularly updated set of exploits that make it the most popular exploit kit in the underground criminal market.

Users that do not wish to be compromised should consider removing Flash.

Angler’s landing page for the exploit is complex. It’s a mix of HTML and JavaScript under which the process operates by which one of Angler’s many exploits is chosen to best target users.

The Angler exploit uses Diffie-Hellman key exchange to help tailor attacks to victims, a method authors used last month when they rolled in an Internet Explorer double-free vulnerability into the hacking kit.

View the original article by Darren Pauli at TheRegister here.

Scroll to Top