Adobe Flash Player 18.x up to and including 18.0.0.252 and 19.x up to and including 19.0.0.207 on Windows and OS X and 11.x up to and including 11.2.202.535 on Linux allows remote malicious users to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
Who the hell needs zero days?
A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated. The vulnerability (CVE-2015-7645) patched in October last year was the first zero day since Adobe implemented more hardened security. It was also the most pervasive among the vulnerabilities adopted by exploit kits, according to the Recorded Future study of an eye-watering 141 kits. The once huge now dead Angler and Neutrino exploit kits used the flaw, alo...
There is no honour among content thieves
Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend. MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads. Magnitude is a hugely successful crimeware offering that allows ...
Rivals stuck with old Adobe exploits
The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on underground criminal markets. Chinese security researcher known as ThreatBook reports the exploit kit is being used in phishing attacks under the so-called DarkHotel campaign. Those ...
Evilware rivals race to exploit the flaws stoopid folks don't fix
Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above-mentioned exploit kits jostle for top spot on the evilware charts, with speedy exploitation of Flash vulnerabilities giving one the edge over the other. Damage inflicted to indu...
Software vulnerabilities are one of those problems that potentially affect all users. A vulnerability is a fault in a program’s implementation that can be used by attackers to gain unauthorized access to data, inject malicious code or put a system out of operation. In most cases, vulnerabilities arise from a lack of attention to fine details at the design stage rather than programming errors. Sometimes a system can seem virtually invulnerable at the design stage, but then, at some point, a new...
Ransomware targets old Flash versions, says Trend Micro
The Independent has become the latest big-name publisher to serve malware. Trend Micro is warning that the UK news site's Wordpress-based blog section has been compromised. The company says the attack seems to have begun on November 21, with a compromised page serving the Angler exploit kit, taking advantage of visitors with old Flash version to hit them with the Cryptesla 2.2.0 ransomware. “The vulnerability involved in this particular instance is discovered to be CVE-2015-7645. This is also ...
Disable the plugin – or enable click-to-play
Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, and that it was being used by hackers who were targeting officials in governments in NATO. On Wednesday, Adobe acknowledged that the programming blunder affects all known v...
Government staff swallow news hook linked to poisoned bait
Hackers behind a long-running cyber-espionage campaign have begun using a new Adobe Flash zero-day exploit in their latest campaign. The attackers behind Pawn Storm targeted several foreign affairs ministries from around the globe using a Flash-based attack, Trend Micro reports. The targets received spear phishing emails that contained links pointing towards sites hosting the exploit. These emails were themed so that they appeared to offer links to news analysis articles and pieces. Example...