zero-day vulnerability

  • 7 February 2015

A new zero-day vulnerability has been discovered in Adobe Flash. :robotmad:
The term zero-day refers to an unknown vulnerability or an exploit in a software program that the developer of the software is newly aware of, and has not had the time to address and patch. Zero-days are particularly troublesome because they often present an open window during which cybercriminals can operate unchallenged. Because of this, zero-days are prized by cybercriminals who have knowledge of them and are used for as long and as quietly as possible.
In this case, the zero-day vulnerability was found in Adobe Flash, a widely distributed software application. Just as troubling, working exploits used to take advantage of this vulnerability were discovered in the Angler Exploit Kit, which is one of many tools sold on the underground market that help criminals commit cybercrime.
The Angler Exploit Kit uses this zero-day vulnerability in Adobe Flash to install malware onto a computer and targets the latest version of Adobe Flash (version 16.0.0.287). Simply visiting a compromised website can install malware onto a machine via the exploit. There is no action needed on the users’ part to become infected. While Adobe is aware of this newly discovered vulnerability, they have not issued a security advisory for it.
The exploit has already been used in a drive-by download campaign that attempts to deliver malware to the victim’s computer through malicious advertising (malvertising). The malicious adverts redirected through a series of sites that eventually led to the exploit code.
Does This Vulnerability Affect Me?
Norton experts say that it’s important that users remain alert to stay protected from this vulnerability, as it targets the current version of Adobe Flash, which is widely used. Symantec considers this a severe incident, as it has the potential to affect a large number of users.
Testing performed by Kafeine concludes that the following products are affected:
  • Internet Explorer versions 6 through 10
  • Windows XP (Internet Explorer versions 6-8)
  • Windows 7 (Internet Explorer version 8)
  • Windows 8 (Internet Explorer version 10)
  • Firefox browser
Fully patched versions of Windows 8.1 and the Google Chrome browser do not appear to be affected at this time.
How Do I Stay Protected?
Adobe has released a patch for this vulnerability. To learn how to update your flash player.

1 reply

Yes, and the new version has been released. Please see here to update: https://community.webroot.com/t5/Security-Industry-News/Adobe-Flash-Player-16-0-0-305-Feb-5th-2015/m-p/185412#M12373
 
Thanks,
 
Daniel 😉
