The French researcher Kafeine confirmed that the author of the Magnitude exploit kit have added the code to exploit the Adobe CVE-2015-3113 flaw.
Cyber criminals have added the recently the recently discovered CVE-2015-3113 to the popular Magnitude exploit kit. Last week, Adobe released a security update for the critical Adobe Flash Player vulnerability CVE-2015-3113 that is being actively exploited in the wild.
Security experts at FireEye discovered that the critical heap buffer overflow vulnerability (CVE-2015-3113) affects Adobe systems and is being exploited in the wild by the hacking crew APT3 that has targeted a number of industries, including the telecommunications, transportation and aerospace and defense sectors.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.” Adobe stated in a security advisory.
The remote code execution vulnerability (CVE-2015-3113) allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.
As usual the excellent researcher Kafeine provided further information on the use of criminal crews of the CVE-2015-3113 exploit. Kafeine confirmed the vulnerability has been added to the Magnitude exploit kit leaving Flash users with outdated systems open to cyber attacks.
The addition of CVE-2015-03113 comes a few days after the author of the Magnitude exploit kit have added another Adobe Flash vulnerability (CVE-2015-3105) to the kit.
Kafeine says Magnitude exploit is being used to serve the dreaded Cryptowall ransomware.
“Magnitude successfully exploiting Flash 220.127.116.11 on IE11 in Windows 7 on 2015-06-27 Dropping 2 instances of Cryptowall Ransomware” states Kafeine.
It is easy to predict that the CVE-2015-3113 exploit will be added to other kits in the next weeks, despite Kafeine confirmed that he had not seen the exploit in any other kits.
The Magnitude exploit kit has a third of the exploit kit market, according to Trustwave, and generated up to $US100,000 a month since August. The researchers speculate that Magnitude earns could reach up to $3 million a year.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.