Researchers have found a new zero-day exploit in Adobe Flash used in malvertising attacks. The exploit affects the most recent version of Adobe Flash.
The initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains. The infection happens automatically, since advertisements are designed to load once a user visits a site. Most of the users who accessed the malicious server related to the attack are from the USA. This post serves to warn end-users and enterprises of the severity of this threat.Read more
Two exploit kits have been outfitted with the exploit for a Flash Player vulnerability that has been patched only a week ago, the researcher that goes by the handle Kafeine has shared on Tuesday. The integer overflow vulnerability in question can allow attackers to execute arbitrary code via unspecified vectors, and is deemed critical.
Initial information about it has been shared with Adobe via HP's Zero Day Initiative. Researchers are admittedly worried about the short period of time that passed between is patching and the exploit surfacing in the Fiesta and Angler exploit kits. As Kafeine notes, it's technically possible that the exploit was included in the kits even before the patch was available.Read more