by Dennis Fisher January 21, 2015
The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability. The kit is exploiting the previously unknown vulnerability in several versions of Internet explorer running on Windows 7 and Windows 8.
French security researcher Kafeine has spotted a version of the Angler kit that’s firing exploits for several vulnerabilities in Flash, including two known bugs. But the big problem is that the kit also has exploit code for what appears to be a zero-day in the latest version of Flash, version 16.0.0.257. Kafeine said that he first spotted the exploit for the zero-day in Flash on Wednesday and that it is being used to install a piece of malware known as Bedep.
Full Article
Exploit for Flash Zero Day Appears in Angler Exploit Kit
Userlevel 7
+54
Userlevel 7
+54
1/21/2015 Kelly Jackson Higgins
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Prolific researcher Kafeine today called for Windows users to disable Adobe Flash Player in the wake of his discovery of an exploit for a previously unknown Flash flaw being packaged with a notorious crimeware kit.
A spokesperson for Adobe confirmed that the company was aware of the report and was investigating it.
Kafeine said in a blog post that he had seen one version of Angler EK sending three different attacks targeting Flash Player, one of which is a zero-day.
Malwarebytes has confirmed the validity of the zero-day exploit report. Pedro Bustamante, director of special projects for Malwarebytes, says the danger to Windows users, of course, is that there's no fix for the attack yet, and it's aimed at targeting machines "en masse."
Full Article
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Prolific researcher Kafeine today called for Windows users to disable Adobe Flash Player in the wake of his discovery of an exploit for a previously unknown Flash flaw being packaged with a notorious crimeware kit.
A spokesperson for Adobe confirmed that the company was aware of the report and was investigating it.
Kafeine said in a blog post that he had seen one version of Angler EK sending three different attacks targeting Flash Player, one of which is a zero-day.
Malwarebytes has confirmed the validity of the zero-day exploit report. Pedro Bustamante, director of special projects for Malwarebytes, says the danger to Windows users, of course, is that there's no fix for the attack yet, and it's aimed at targeting machines "en masse."
Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.