Reference: CERT-EU Security Advisory 2016-125
Title: Critical vulnerability in Adobe Flash Player (CVE-2016-4117)
Version history: 12/05/2016 Initial publication

Summary:
========
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system [1].

Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.

Products Affected:
==================
Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS

Impact
==================
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Technical Description
==================
Adobe Flash Player is a multimedia application available for multiple operating systems. Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to cause a crash and potentially take control of the affected system.

File-based Attack Scenarios:
1. An attacker crafts a malicious Flash file to leverage the issue and to carry out some actions on their behalf.
2. The attacker uses email or other means to distribute the malicious file and entices an unsuspecting user to open it.
3. When the victim opens the file, the attacker's code runs.

Web-based Attack Scenarios:
1. The attacker crafts a malicious webpage to leverage the issue and to carry out some actions on their behalf.
2. The attacker uses email or other means to entice an unsuspecting user to view the malicious page.
3. When the user views the page, the attacker's code runs.

Successful exploitation will allow an attacker to take complete control of the affected system [2].
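
Added example (not part of the CERT-EU advisory): a triage helper that flags inventory entries at or below the affected release 21.0.0.226 named above, comparing versions numerically rather than as strings. The inventory layout, hostnames and sample versions are constructed assumptions; the comma-separated form is how Flash itself reports its version (for example "WIN 21,0,0,226").

```python
import re

# Highest affected release named in the advisory.
AFFECTED_MAX = (21, 0, 0, 226)

# Four numeric fields separated by dots or commas.
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_flash_version(text):
    """Return a 4-tuple of ints from '21.0.0.226' or 'WIN 21,0,0,226', else None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True/False for a parsable version, None when the string cannot be parsed."""
    version = parse_flash_version(text)
    if version is None:
        return None
    return version <= AFFECTED_MAX


def triage(inventory):
    """Split (host, version_string) rows into affected, not_affected and unparsed."""
    result = {"affected": [], "not_affected": [], "unparsed": []}
    for host, raw in inventory:
        verdict = is_affected(raw)
        key = "unparsed" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE = [
    ("ws-001", "21.0.0.226"),
    ("ws-002", "WIN 21,0,0,213"),
    ("ws-003", "21.0.0.99"),    # below .226 numerically, but sorts higher as a string
    ("ws-004", "9.0.124.0"),    # old release that sorts higher than "21..." as a string
    ("ws-005", "22.0.0.1"),     # constructed value above the affected ceiling
    ("ws-006", "not installed"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Entries reported as unparsed need a manual check instead of being treated as unaffected.
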

Recommendations:
===============
Mitigating Strategies:
- Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.
- Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
- Do not accept or execute files from untrusted or unknown sources.
- To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Adobe will address this vulnerability in the monthly security update, available as early as May 12 [3].

References:
==========
[1] https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
[2] https://alerts.symantec.com/loaddocument.aspx?GUID=0c851a66-159a-4bfe-8921-57737df36c8d
[3] http://blogs.adobe.com/psirt/

Best Regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html