Buffer overflow in Adobe Flash Player prior to 11.7.700.279 and 11.8.x up to and including 13.0.x prior to 13.0.0.206 on Windows and OS X, and prior to 11.2.202.356 on Linux, allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...
Download PDF version Download EPUB Download Full Report PDF Download Full Report EPUB Targeted attacks are now an established part of the threat landscape, so it’s no surprise to see such attacks feature in our yearly review. Last year, in our security forecast, we outlined what we saw as the likely future APT developments. Here are the major APT campaigns that we reported this year. Carbanak combined cybercrime – in this case, stealing money from financial institutions – with the infil...
The story of the powerful Equation cyberespionage group was perhaps the most talked-about news story of Q1. The group has interacted with other influential groups, such as Stuxnet and Flame, for many years. Attacks carried out by Equation are arguably the most sophisticated of all: one of the group’s modules can be used to modify hard drive firmware. Since 2001, Equation has successfully infected the computers of thousands of victims in Iran, Russia, Syria, Afghanistan, the US and other countr...
PDF version EPUB version Download Full Report PDF Download Full Report EPUB Over the past years, Kaspersky’s Global Research and Analysis Team (GReAT) has shed light on some of the biggest APT campaigns, including RedOctober, Flame, NetTraveler, Miniduke, Epic Turla, Careto/Mask and others. While studying these campaigns we have also identified a number of 0-day exploits, including the most recent CVE-2014-0546. We were also among the first to report on emerging trends in the APT world, ...
PDF version EPUB version In April, we reported a new Flash Player zero-day that we believe was used in watering-hole attacks from a compromised Syrian web site. The site (http://jpic.gov.sy), launched in 2011 by the Syrian Ministry of Justice, was designed to enable citizens to complain about law and order violations. We believe that this attack was developed to target Syrian dissidents complaining about the government. We analyzed two new SWF exploits (both detected proactively by Kaspersky L...
In mid-April we detected two new SWF exploits. After some detailed analysis it was clear they didn’t use any of the vulnerabilities that we already knew about. We sent the exploits off to Adobe and a few days later got confirmation that they did indeed use a 0-day vulnerability that was later labeled as CVE-2014-0515. The vulnerability is located in the Pixel Bender component, designed for video and image processing. We received a sample of the first exploit on April 14, while a sample of the...
Mad dash to slap critical patch on zero day hole
Adobe is pushing out a cross-platform security fix for a bug in its Flash Player that miscreants are already exploiting. Windows users running Adobe Flash Player 13.0.0.182 and earlier need to update it following the discovery of a zero-day attack. "Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform," the software maker warned. Flash Player 13.0.0.201 and earlier versions for Macintosh and as well...