
CVE-2016-4171

Published: 16/06/2016 Updated: 26/11/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and previous versions allows remote malicious users to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Vulnerable Product

adobe flash_player_for_linux

adobe flash_player

redhat enterprise linux desktop 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 5.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 5.0

redhat enterprise linux workstation 6.0

opensuse opensuse 13.1

opensuse opensuse 13.2

suse linux enterprise desktop 12

suse linux enterprise workstation extension 12

Vendor Advisories

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016 ...

Recent Articles

Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
Securelist • Kaspersky Lab • 14 Dec 2016

If they were asked to sum up 2016 in a single word, many people around the world – particularly those in Europe and the US – might choose the word ‘unpredictable’. On the face of it, the same could apply to cyberthreats in 2016: the massive botnets of connec...

Windows zero-day exploit used in targeted attacks by FruityArmor APT
Securelist • Anton Ivanov • 20 Oct 2016

A few days ago, Microsoft published the “critical” MS16-120 security bulletin with fixes for vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. One of the vulnerabilities – CVE-2016-3393 – was reported to Microsoft by Kaspersky Lab in September 2016. Here’s a bit of background on how this zero-day was discovered. A few months ago, we deployed a new set of technologies in our products to identify and block zero-day attacks. The...

IT threat evolution in Q2 2016. Statistics
Securelist • Roman Unuchek Maria Garnaeva Anton Ivanov Denis Makrushin Fedor Sinitsyn • 11 Aug 2016

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity. In Q2 2016, Kaspersky Lab detected 3,626,458 malicious ins...

Operation Daybreak
Securelist • Costin Raiu Anton Ivanov • 17 Jun 2016

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit (CVE-2016-1010). Earlier this month, our technology caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe the attacks are launched by an APT Group we track under the codename “ScarCruft”. ScarCruft is a relatively new APT group; ...

Kill Flash now. Or patch these 36 vulnerabilities. Your choice
The Register • Shaun Nichols in San Francisco • 16 Jun 2016

One bug being exploited right now in the wild

Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe...

East Euro crims pwning 'high profile' victims with Flash zero day
The Register • Darren Pauli • 15 Jun 2016

Unpatched flaw exploited since March

An eastern European group has for more than three months been using an unpatched Flash zero day vulnerability to target 'high profile' victims, Kaspersky Labs researcher Costin Raiu says. The attacks are linked to a group dubbed ScarCruft which under the Operation Daybreak has used the vulnerability since March. A patch for the flaw (CVE-2016-4171) is expected to drop by 16 June. Raiu (@craiu) says the zero day has been restricted to valuable targets. Doing so allows criminals to maximise on the...