Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440

  • 20 November 2014
  • 0 replies
  • 185 views

Userlevel 7
Badge +54
by Dennis Fisher    November 20, 2014 , 8:02 am

Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit’s arsenal.

This is a common tactic for exploit kit authors, who are in the business of getting the most useful exploits available at the moment into their kits. Angler is just one of the many such exploit kits available to attackers, but the creators of this one seem to be especially quick about adding exploits for new vulnerabilities to the kit. In October, a week after Adobe released its monthly patch update, researchers saw Angler exploiting an integer overflow in Flash that had just been patched.

“This is really, really fast,” Kafeine, a French security researcher who identified the attack at the time, said. “The best I remember was maybe three weeks in February 2014.”
 
Full Article.

0 replies

Be the first to reply!

Reply