Following last week’s headline-grabbing Hacking Team breach, we all learned of exploits utilizing various zero-day vulnerabilities in Adobe Flash. Successful exploitation of any of these vulnerabilities allows an attacker to take control of an affected endpoint, making them critical threats. Various security researchers have since reported that these zero-days were exploited in active attacks.
Both CVE-2015-5119 and CVE-2015-5122 can be exploited against all commonly used browsers, including Google Chrome, which is generally considered much harder to exploit than other browsers.
These disclosures give us a rare glimpse into the market for advanced attack tools. From my perspective, the critical lesson of this incident is not the specific zero-day vulnerabilities themselves, but the acknowledgment that they are merely the tip of the iceberg. Two live zero-day exploits were disclosed by chance; many others are being, and will continue to be, developed, marketed and used worldwide.
CVE-2015-5119 and CVE-2015-5122 are part of a growing trend of exploiting Flash vulnerabilities. Earlier this year we referred in this blog to the zero-days CVE-2015-0311 and CVE-2015-0313, and published a deep technical analysis of the exploitation of a new Flash vulnerability. Most recently there was the CVE-2015-3113 zero-day. Additional Flash vulnerabilities were rapidly reverse-engineered from their patches by attackers and integrated into the leading exploit kits.
Adobe has issued a patch for CVE-2015-5119, but as of this writing, CVE-2015-5122 remains unpatched.
To counter trends like these, the endpoint security paradigm must shift towards a proactive approach capable of preventing both known and zero-day exploits. Palo Alto Networks Traps prevents memory corruption exploits in real time by obstructing the core techniques used in exploitation, without relying on any prior knowledge of the attack. Traps successfully prevented exploitation of the zero-days CVE-2015-5119 and CVE-2015-5122 with its default policy and without any added configuration. Users of Traps as part of the Palo Alto Networks Security Platform were already protected from exploitation of these vulnerabilities before their disclosure and patching.
Exploits are the default attack vector in the current threat landscape. Traps is the only solution that provides proactive protection from this vector.
Read more about Traps advanced endpoint protection here.