A use-after-free vulnerability exists in Adobe Flash Player prior to 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
adobe flash_player |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux desktop 6.0 |
In the second quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports, in an effort to make the public aware of the research we have been conducting. This report serves as the latest installment, focusing on the relevant activities that we observed during Q2 2018. These summaries are a representative snapshot of what has been discussed in greater detail in our private reports. They aim to highl...
According to KSN: In Q1 2018, DNS-hijacking, a new in-the-wild method for spreading mobile malware on Android devices, was identified. As a result of hacked routers and modified DNS settings, users were redirected to IP addresses belonging to the cybercriminals, where they were prompted to download malware disguised, for example, as browser updates. That is how the Korean banking Trojan Wroba was distributed. It wasn’t a drive-by-download case, since the success of the attack largely depended ...
In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018. These summaries serve as a representative snapshot of what has been discussed in greater detail in our private reports, in order to highlig...
ThreadKit leverages flaw fixed in February Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb
In case you needed another reason not to open Adobe Flash or Microsoft Office files from untrusted sources: ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. This means less-than-expert hackers can use ThreadKit to craft booby-trapped Office files, and fling them at victims in emails or downloads, so that when they are viewed on unpatched systems, malicious code within the files is executed via the Fla...
Emergency patch lands, shuts pair of remote exploitable holes, one used by Norks
Adobe has issued an emergency security patch for two bugs in its Flash player – after North Korea's hackers were spotted exploiting one of the flaws to spy on people investigating the creepy hermit nation. At the start of the month, South Korea's Computer Emergency Response Team put the world on alert after it found miscreants abusing Flash to take control of and surveil Windows PCs in its country via Office documents carrying embedded malicious SWF files. Subsequent analysis showed the hackin...
Maybe it's a good time to just delete the thing
Adobe will next week emit patches to squash a security bug in Flash that can be exploited by malicious webpages and documents, when opened, to hijack and spy on vulnerable computers. The flaw is being abused right now by North Korean hackers to infect victims' PCs. You should update your browser or Flash installation – if you're still using Flash – as soon as the fix lands so other miscreants can't exploit the vulnerability and potentially commandeer your machine. The programming cockup (CVE...
Vulmon