See Also Exploit for Flash Zero Day Appears in Angler Exploit Kit
By Mike Lennon on January 23, 2015
After saying early Thursday that it was investigating reports of a critical zero-day vulnerability affecting its Flash Player that is being exploited in the wild, Adobe Systems issued a security advisory late Thursday, stating that it expects to have a patch available for the flaw during the week of Jan. 26.
The critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh, Adobe confirmed its its advisory.
The vulnerability was discovered by French security researcher “Kafeine” while analyzing an instance of the Angler exploit kit, and successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
The cybercriminals behind the Angler exploit kit often leverage Flash Player vulnerabilities to distribute malware and in some cases add Flash Player exploits shortly after the vulnerabilities are patched by Adobe.
Full Article
Adobe to Patch Critical Flash Player Zero-day Vulnerability Used in Active Attacks
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.