Saturday, May 21, 2016

Feedly:Malware don't need Coffee. CVE-2016-4117 (Flash up to 21.0.0.213) and Exploit Kits

from Malware don't need Coffee

Discovered being exploited in the wild by FireEye [1] on May 8, 2016, patched 4 days later with Flash 21.0.0.242, CVE-2016-4117 is making its way to Exploit Kits.

Magnitude:
CVE confirmed by FireEye - thanks!
On 2016-05-21 Magnitude is firing an exploit at Flash up to 21.0.0.213.
Magnitude firing exploit at Flash 21.0.0.213 - 2016-05-21
For now I did not get exploitation in the different passes I tried, but in the Flash exploit we can see some quite explicit imports:

 import com.adobe.tvsdk.mediacore.timeline.operations.DeleteRangeTimelineOperation;

Magnitude Flash Exploit showing import of the DeleteRangeTimelineOperation
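The import above is a usable triage indicator on its own. As an added example (not code from the original post), the snippet below opens an uncompressed (FWS) or zlib-compressed (CWS) SWF container, searches the decompressed body for the tvsdk package and class name strings, and compares the file hash with the spotted sample; the `make_cws` helper and its test body are constructed here for an offline run.

```python
import hashlib
import zlib

# Indicators taken from the post: the ActionScript package and class imported by
# the Magnitude Flash exploit, and the SHA-256 of the spotted sample.
INDICATOR_PACKAGE = b"com.adobe.tvsdk.mediacore.timeline.operations"
INDICATOR_CLASS = b"DeleteRangeTimelineOperation"
SPOTTED_SHA256 = "f5cea58952ff30e9bd2a935f5843d15952b4cf85cdd1ad5d01c8de2000c48b0a"


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed SWF body (everything after the 8-byte header).
    FWS = uncompressed, CWS = zlib-compressed body (SWF >= 6),
    ZWS = LZMA-compressed body (SWF >= 13), not handled in this example.
    """
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig = data[:3]
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":
        return zlib.decompress(data[8:])
    if sig == b"ZWS":
        raise ValueError("ZWS (LZMA) container not handled here")
    raise ValueError("not a SWF container")


def triage_swf(data: bytes) -> dict:
    """Flag a SWF that matches the spotted hash or carries the tvsdk import."""
    digest = hashlib.sha256(data).hexdigest()
    body = swf_body(data)
    # The ABC constant pool stores the package namespace and the class name as
    # separate strings, so both are searched over the decompressed body. A
    # payload that is itself encrypted or nested inside the SWF is not seen here.
    return {
        "sha256": digest,
        "hash_match": digest == SPOTTED_SHA256,
        "tvsdk_import": INDICATOR_PACKAGE in body and INDICATOR_CLASS in body,
    }


def make_cws(body: bytes) -> bytes:
    """Wrap an arbitrary body in a minimal CWS container (constructed test data)."""
    length = (8 + len(body)).to_bytes(4, "little")  # uncompressed file length
    return b"CWS" + bytes([21]) + length + zlib.compress(body)


if __name__ == "__main__":
    # Constructed body mimicking the two constant-pool strings; not a real exploit.
    fake = make_cws(b"\x00" * 16 + INDICATOR_PACKAGE + b"\x00" + INDICATOR_CLASS + b"\x00")
    print(triage_swf(fake))  # tvsdk_import True, hash_match False
```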

Spotted sample: f5cea58952ff30e9bd2a935f5843d15952b4cf85cdd1ad5d01c8de2000c48b0a
Fiddler sent here.
Updates to come as it appears to be a work in progress.

Read More:
[1] CVE-2016-4117: Flash Zero-Day Exploited in the Wild - 2016-05-13 - Genwei Jiang - FireEye
[2] New Flash Vulnerability CVE-2016-4117 Shares Similarities With Older Pawn Storm Exploit - 2016-05-13 - Moony Li - TrendMicro