All Posts

1 post

Update – New 0-day for Adobe Flash

Update: A bit less than a week that Adobe released a fix for a 0-day in Flash and now the attack has migrated into at least two commonly available exploit kits – Magnitude (as of June 27)  and Angler (June 29). The security researcher @kafeine documented in his blog both findings. I hope you are patched already because the exploit is now mainstream.

Original: Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believeit was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by introducing new techniques in their use of ROP.

Continue reading …