NCSC Security Advisory – NCSC-ADV-201507-0110

A leak of  400GB of corporate data from Italian surveillance malware vendor ‘Hacking Team’ in the past week  has  revealed a  number of Adobe Flash Player exploits1.  Adobe has provided a patch for each of these between July 8th and July 15th following the leak which occurred on July 5th.

The NCSC is aware of Flash Player exploits being used in network exploitation. Recent reporting from security companies2,3,4 has shown that high threat APT groups have been quick to leverage the exploits and  use them to compromise targets.  Crime-ware has also taken  advantage of the new exploits and more information is available in reports on-line.

NCSC Advice

The NCSC advises the following actions to aid in protecting your system from these exploits:

  • Maintain up to date patching of operating systems and antivirus.
  • Consider disabling Flash Player in browsers until patched.
  • Explore  methods to control  access  to  webpages utilising Flash Player can limit exposure to potential compromises.
  • Investigate tools like Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)  which aim to prevent vulnerabilities and increase the difficulty of exploiting software.

The NCSC also recommends following the Australian Signal Directorate (ASD) “Top four mitigation strategies to protect your ICT system.”5

[1] Common vulnerability and exposure (CVE) identifiers:

[2] https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html

[3] https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html

[4] http://blog.trendmicro.com/trendlabs-security-intelligence/the-adobe-flash-conundrum-old-habits-die-hard/    

[5] www.asd.gov.au/publications/protect/top_4_mitigations.htm