[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] The tooth gnashing you hear is from Flash users installing a new 0day patch
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-01-27 9:24:40
Message-ID: alpine.DEB.2.02.1501270924300.31911 () infosecnews ! org
[Download RAW message or body]
http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/
By Dan Goodin
Ars Technica
Jan 26 2015
Adobe Systems is once again rolling out an emergency Flash update that
patches a critical vulnerability under active attack to compromise the
computers of unsuspecting users.
The latest Flash versions fix a remote code-execution bug that, as Ars
reported last week, recently came under attack in the Angler exploit kit.
Malware purveyors and other types of online crooks use such kits to seed
compromised websites with attack code. Once people visit the sites with
vulnerable computers, the booby-trapped pages surreptitiously exploit the
vulnerabilities and install backdoors that can be used to log keystrokes,
steal passwords, and install new pieces of malware at will.
An advisory Adobe published late last week warned that the bug resides in
versions running on Windows, Macs, and Linux systems. So far, reports
suggest that in-the-wild exploits are limited only to Windows systems. The
vulnerability stems from a so-called use-after-free bug that allows
attackers to corrupt the memory of affected computers. Trend Micro has
additional technical details here.
"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player
16.0.0.287 and earlier versions for Windows and Macintosh," the Adobe
advisory stated. "Successful exploitation could cause a crash and
potentially allow an attacker to take control of the affected system. We
are aware of reports that this vulnerability is being actively exploited
in the wild via drive-by-download attacks against systems running Internet
Explorer and Firefox on Windows 8.1 and below."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic