【資安】漏洞預警:駭客透過 Hacking Team Flash Zero-Day (CVE-2015-5119)漏洞進行攻擊

[內容說明:]
趨勢科技近來發現一個嚴重的漏洞(CVE-2015-5119),這個漏洞影響所及遍布所有版本的Adobe Flash。Adobe Flash遭到入侵後可能會當掉,駭客也可能取得受害系統的控制權。Adobe已經發布了一則安全公告並建議用戶儘速套用安全性更新。

最近對台灣造成重大影響的勒贖軟體(Ransomware)也可能透過此漏洞進行攻擊,並針對重要檔案進行加密。
 
此外也觀察到已經有部分台灣網站遭受駭客入侵,利用此漏洞植入後門程式。
 
[影響平台:]
•Adobe Flash Player 18.00.194 and earlier versions for Windows and Macintosh

•Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh

•Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux

[建議措施:]
建議您儘速安裝原廠所釋出的安全性更新或修補程式。

[參考資料:]
•Hacking Team Flash Zero-Day Integrated Into Exploit Kits (Trend Micro Security Intelligence Blog):
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/
 
•A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak (Trend Micro Security Intelligence Blog):
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/

•Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak (Trend Micro Security Intelligence Blog):
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
 
•Adobe Security Bulletin:
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html