• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 

Flash zero day under attack

You are here

22

Jan

Flash zero day under attack

A zero day Flash vulnerability is being exploited by cyber criminals using the Angler exploit kit.

With an added Adobe zero day, the Angler operators just showed how  serious they are about becoming the de facto kit for online crime. There’s still plenty of competition from kits, including Fiesta, Sweet Orange and Goon (popular in China).

Adobe are currently investigating the report by malware researcher named Kafeine, who discovered the exploit kit on cybercrime forums. The vulnerabilities currently affect Flash Player versions up to 15.0.0.223 and the latest 16.0.0.257.

Users of Windows 8.1 are safe, as well as those using Google Chrome due to it's sandboxing element.

Those using other Windows platforms with Internet Explorer versions 10 and below, and other Mozilla Firefox versions, have been confirmed as vulnerable to the exploit.

On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host. More tests are currently being conducted by Kafeine, Adobe and other malware researchers such as MalwareBytes' Jerome Segura (@jeromesegura).

Posted by will

Leave a comment