The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found
By Lucian Constantin Oct 21, 2014 8:22 AM PT
If you haven't updated your Flash Player with the fixes released Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.
The vulnerability, which is being tracked as CVE-2014-0569 in the Common Vulnerabilities and Exposures (CVE) database, was fixed in Flash Player updates last week.
The bundling of an exploit for CVE-2014-0569 in an attack tool that's sold on underground markets is unusual, especially since the vulnerability was privately reported to Adobe through Hewlett-Packard's Zero Day Initiative (ZDI) program, meaning its details should not be public.
Full Article