Wednesday, 14 October 2015

Zero-Day Vulnerability In Latest Flash Player Active Attacked


In the latest version of Adobe Flash Player that came out yesterday is a zero-day vulnerability for which no update is available and actively attacked. Reported that the Japanese anti-virus company Trend Micro. Several foreign ministries would be attacked by the leak.

Victims receive a spear phishing email containing a link to a website. This website loads an exploit of the Flash Player flaw uses to install malware on the computer. The emails have subjects like: "Suicide car bomb targets NATO troop convoy in Kabul," "Syrian troops make gains as Putin defends air strikes", "Israel launches airstrikes on targets in Gaza", "Russia warns of response to Reported US nuke buildup in Turkey, Europe "and" US military reports 75 US-trained rebels return Syria ". Visiting such a malicious page with a vulnerable Flash Player is enough to get infected. There is no further interaction is required.

According to Trend Micro, the group behind the attack is also responsible for an attack in which a zero-day vulnerability was used in Java. Also, the group behind attacks on NATO, the White House, the German parliament and foreign ministries sit. The message of the anti-virus company coincides with the Tuesday patch from Adobe. Yesterday released a new version of Adobe Flash Player that 13 vulnerabilities were patched. Yet even Flash Player 19.0.0.207, the latest version now vulnerable to the observed attacks. Adobe would be informed of the new leak, but he has not yet written warning.

No comments:

Post a Comment