Following this week's headline-grabbing breach, we all learned of an exploit for CVE-2015-5119, a zero-day vulnerability in Adobe Flash Player. Successful exploitation allows an attacker to take control of the affected endpoint, which makes it a critical threat. Several security researchers have since reported that the zero-day was indeed being exploited in active attacks.
CVE-2015-5119 can be exploited against all commonly used browsers, including Google Chrome, which is generally considered much harder to exploit than other browsers because of its process sandbox.
This disclosure gives us a rare glimpse into the market for advanced attack tools. From my perspective, the critical lesson of this incident is not the specific zero-day vulnerability itself, but the acknowledgment that it is merely the tip of the iceberg: one live zero-day exploit was disclosed by chance, while many others are, and will continue to be, developed, sold and used worldwide.
CVE-2015-5119 is part of a growing trend of exploiting Flash vulnerabilities. Earlier this year this blog covered the zero-days CVE-2015-0311 and CVE-2015-0313, as well as a deep technical analysis of the exploitation of a new Flash vulnerability. Most recently, the CVE-2015-3113 zero-day was disclosed a week ago. Additional Flash vulnerabilities that had already been patched were rapidly reverse-engineered by attackers and integrated into the leading exploit kits.
To counter trends like these, the endpoint security paradigm must shift towards a proactive approach capable of preventing both known and zero-day exploits. Palo Alto Networks Traps prevents memory corruption exploits in real time by blocking the core techniques used in exploitation, without relying on any prior knowledge of the attack. Traps successfully prevented exploitation of the zero-day CVE-2015-5119, and users of Traps as part of the Palo Alto Networks Security Platform were already protected from exploitation of these vulnerabilities before the disclosure and the patch. Endpoints that lack this kind of exploit mitigation should still apply Adobe's fix for CVE-2015-5119 (security bulletin APSB15-16, Flash Player 18.0.0.203 and later) without delay: the exploit itself has been disclosed, so the window between disclosure and integration into exploit kits is short.
Exploits are the default attack vector in the current threat landscape, and Traps is the only solution that provides proactive protection against this vector.
Read more about Traps advanced endpoint protection here.
[Palo Alto Networks Blog]