It appears there are more ‘bugging’ avenues on Adobe Systems Incorporated (NASDAQ:ADBE) latest Flash release, 16.0.0257, routine exploits by known malware by Angler Kit’s ‘Bedep.’ According to security researcher Kafeine, the first inkling of this intrusion was first found on Wednesday. Later, the researcher based in France, admitted to finding Angler Kit’s exploits picking on Adobe Systems Incorporated llatest release’s two known bugs and many unknown vulnerabilities, via Bedep.
Bedep is a malware that is used by Flash-attacker Angler Kit, which leaves no traces of infection on the exploited machine. Researchers have found that Angler does have a fondness for Flash exploits, for, within days of Flash issuing fixes, the kit has its exploits out for the patches!
Angler Kit’s exploits
Angler Kit exploits Flash vulnerabilities in the various browser versions such Windows 7 as well as Windows 8, besides Internet Explorer. Angler Kit is able to do so on earlier occasions by using a form of malware that does not ride on files to infect.
According to Kafeine Bedep is continuing to be used in the current forays as well, but does not expect Angler to deploy the latest exploit it has for Flash’s much talked about zero-day. Neither is the new exploit in use on the big name browser as well.
Thus far, Kafeine detected that on Windows version 8, Internet Explorer 10 was the vehicle, Internet Explorer 8 on Windows 7 as well Internet Explorer 6 to 9 versions on the Windows XP line-up as well.
However, the good news is that Chrome is not a target and the full patch of Windows 8.1 has ensured that Angler Kits exploits are ineffective.
As users wait for Kafeine to publish his MD5 for the newer exploit, he recommends disabling Flash player and waiting for Adobe Incorporated to fix the loop-hole.