[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] The tooth gnashing you hear is from Flash users installing a new 0day patch
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-01-27 9:24:40
Message-ID: alpine.DEB.2.02.1501270924300.31911 () infosecnews ! org
[Download RAW message or body]

http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/

By Dan Goodin
Ars Technica
Jan 26 2015

Adobe Systems is once again rolling out an emergency Flash update that 
patches a critical vulnerability under active attack to compromise the 
computers of unsuspecting users.

The latest Flash versions fix a remote code-execution bug that, as Ars 
reported last week, recently came under attack in the Angler exploit kit. 
Malware purveyors and other types of online crooks use such kits to seed 
compromised websites with attack code. Once people visit the sites with 
vulnerable computers, the booby-trapped pages surreptitiously exploit the 
vulnerabilities and install backdoors that can be used to log keystrokes, 
steal passwords, and install new pieces of malware at will.

An advisory Adobe published late last week warned that the bug resides in 
versions running on Windows, Macs, and Linux systems. So far, reports 
suggest that in-the-wild exploits are limited only to Windows systems. The 
vulnerability stems from a so-called use-after-free bug that allows 
attackers to corrupt the memory of affected computers. Trend Micro has 
additional technical details here.

"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 
16.0.0.287 and earlier versions for Windows and Macintosh," the Adobe 
advisory stated. "Successful exploitation could cause a crash and 
potentially allow an attacker to take control of the affected system. We 
are aware of reports that this vulnerability is being actively exploited 
in the wild via drive-by-download attacks against systems running Internet 
Explorer and Firefox on Windows 8.1 and below."

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]