CVE-2015-5122

Rivals stuck with old Adobe exploits

The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on underground criminal markets. Chinese security researcher known as ThreatBook reports the exploit kit is being used in phishing attacks under the so-called DarkHotel campaign. Those ...

Evilware rivals race to exploit the flaws stoopid folks don't fix

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above-mentioned exploit kits jostle for top spot on the evilware charts, with speedy exploitation of Flash vulnerabilities giving one the edge over the other. Damage inflicted to indu...

Even after deletion you can be p0wned by PowerPoint or whipped by Word

Fortinet security researcher Bing Lui has warned users that they can still be p0wned if they only disable Adobe Flash in web browsers. Lui's warning speaks to advice last week that users dump Flash to bolster security in the wake of the public disclosure of three zero day vulnerabilities (CVE-2015-5122. CVE-2015-5123, and CVE-2015-5119 ) as part of the Hacking Team cyber defiling. He built an exploit against the first vuln in demonstrating how the likely common mistake of uninstalling Flash only...

Browser maker backs search for 'safer and more stable' alternative – like its own

Mozilla has lifted its blanket block on Flash in Firefox following the release of security updates by Adobe on Tuesday. Although the short-term block has been lifted, the whole flap appears to have re-energised efforts at Mozilla to work on Flash alternatives. The block – imposed on Monday – meant that all versions of Flash were blocked within Firefox by default. This embargo was lifted once Adobe released cross-platform updates that defended against two new zero-day vulnerabilities, which w...

'Temporary pending a patch'. Until the next time

Mozilla has temporarily blocked Flash in Firefox while waiting for Adobe to release patches to fix yet more serious security holes in the Swiss-cheese-like plugin. These holes can be exploited by criminals to hijack PCs and infect them with malware; details of the bugs emerged from leaked Hacking Team files. Firefox began preventing Flash from running by default on Monday. All versions of Adobe's software, including the most recent release, have been added to the browser's blacklist. Users can c...

Software portfolio looks like a nicotine addict's buttocks

Adobe has released patches for its Flash software to fix a pair of critical security vulnerabilities exposed by the Hacking Team megabreach. The bugs can be exploited to hijack PCs and infect them with malware – and crooks are already doing just that, so apply the updates now. The security bulletin for Adobe Flash Player (APSB15-18) addresses both zero-day vulnerabilities (CVE-2015-5122, CVE-2015-5123). Version 18.0.0.209 Flash Player and associated browser plugins for Windows, Macintosh and L...

Adobe vows to plug serious hijack leaks

Updated Two more serious Adobe Flash vulnerabilities have emerged from the leaked Hacking Team files, ones which allow malefactors to take over computers remotely – and crooks are apparently already exploiting at least one of them to infect machines. The use-after-free() programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. They are similar to the CVE-2015-5119 Flash bug patched last week. The 5122 and 5123 bugs let malicious Flash files execute code...