Thursday, 12 February 2015

Flash And Unpatched IE Vulnerabilities Used On Forbes.com

Visitors to the popular business magazine Forbes late November attacked via vulnerabilities in Adobe Flash Player and Internet Explorer, which at the time of the attack still no updates were available.According to security iSight Partners and Invincea involved a highly targeted attack.

The attack would be directed cons American defense companies and financial institutions, whose staff Forbes.com visit regularly. The website is according to Alexa on the 68th spot of most visited websites in the US Possible are also other parties and organizations affected by the attack, but it is not yet clear. The same is true for the attack period. Which would have taken place on 28 November to 1 December, but a longer period is not excluded. Besides Forbes would have used several obscure websites for the attack.

The attack took place through the "Thought of the Day" (totd) Adobe Flash widget that appears when someone visits a page or Forbes article. Then, use was made of a zero-day vulnerability in Adobe Flash Player, which eventually on December 9 by Adobe was patched. The attack was combined with a vulnerability in Internet Explorer to bypass the ASLR protection measure in the browser. Bypassing the security measure yesterday evening remedied by Microsoft. How many computers are infected by the attack have both security companies do not know.

No comments:

Post a Comment