A Flash Player vulnerability that has been patched in version 22.214.171.124 is still causing problems for many users running the previous version 126.96.36.199 — especially those in the US, Canada, and the UK — who remain exposed and at risk of getting infected with the CryptoWall 3.0 ransomware.
The Trend Micro blog reports that the Magnitude Exploit Kit includes an exploit (SWF_EXPLOIT.MJTE ) for the vulnerability (CVE-2015-3105) detected through monitoring of threat intelligence from the Trend Micro Smart Protection Network. The SWF sample Micro Trend acquired is reportedly heavily obfuscated using secureSWF, and uses two shaders for the actual exploit code. It allows attackers to spread crypto-ransomware into their target systems.
The blog post notes how this is another example of cyber-criminals taking advantage of recently-patched vulnerabilities through exploit kits. Magnitude is described as one of the most used exploit kits by cyber-criminals along with SweetOrange and Angler.