- Posted July 20, 2015
- Security Advisories
A leak of 400GB of corporate data from Italian surveillance malware vendor ‘Hacking Team’ in the past week has revealed a number of Adobe Flash Player exploits1. Adobe has provided a patch for each of these between July 8th and July 15th following the leak which occurred on July 5th.
The NCSC is aware of Flash Player exploits being used in network exploitation. Recent reporting from security companies2,3,4 has shown that high threat APT groups have been quick to leverage the exploits and use them to compromise targets. Crime-ware has also taken advantage of the new exploits and more information is available in reports on-line.
NCSC Advice
The NCSC advises the following actions to aid in protecting your system from these exploits:
- Maintain up to date patching of operating systems and antivirus.
- Consider disabling Flash Player in browsers until patched.
- Explore methods to control access to webpages utilising Flash Player can limit exposure to potential compromises.
- Investigate tools like Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) which aim to prevent vulnerabilities and increase the difficulty of exploiting software.
The NCSC also recommends following the Australian Signal Directorate (ASD) “Top four mitigation strategies to protect your ICT system.”5
[1] Common vulnerability and exposure (CVE) identifiers:
- CVE-2015-5119, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119(external link)
- CVE-2015-5122, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122(external link)
- CVE-2015-5123, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123(external link)
[3] https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html(external link)
[5] www.asd.gov.au/publications/protect/top_4_mitigations.htm(external link)