
Emergency Patch Imminent to Repair Adobe Flash Zero-Day Used in Live Attacks


Users should install the fixes Microsoft released today as part of May's Patch Tuesday, because a Windows bug is being actively exploited in the wild. Cataloged as CVE-2016-0189, the security flaw permits attackers to secretly execute malicious code whenever vulnerable computers visit booby-trapped websites. Symantec, a security firm, published a blog entry stating that it was exploited in attacks targeting South Korean websites in the days or weeks leading up to Tuesday. Technically, the vulnerability exists in the JScript and VBScript engines; however, IE is used as the vehicle for exploiting it.

Adobe rates the Flash vulnerability (CVE-2016-4117) as critical. The company also said that Adobe Flash Player 21.0.0.226 and earlier versions running on Windows, Macintosh, Linux and Chrome OS are affected.

The company promised a patch for Flash on Thursday, 12th May. Softpedia.com, in a post on May 10th, 2016, quoted Adobe as saying that this is a serious vulnerability that enables an attacker to crash Flash Player in a dangerous manner, which may allow the attacker to gain control of the infected system.

The company did not say so, but it has been speculated that this resembles a Remote Code Execution (RCE) vulnerability, as most dangerous Flash bugs tend to be.

Separately, Adobe officials cautioned that a newly found Flash vulnerability also allows attackers to hijack machines remotely. Researchers at FireEye, a security firm, first reported it. Adobe announced that an update was planned for release as early as Thursday.

FireEye published a blog entry on Tuesday entitled "Threat actor leverages windows zero-day exploit in payment card data attacks", which explained how the attackers could infect over 100 organisations in North America by using the zero-day vulnerability. However, that bug was CVE-2016-0167, a privilege escalation flaw that Microsoft fixed in last month's Patch Tuesday.

Apart from the pre-patch announcement of the Flash zero-day, Adobe also released security fixes for two products today.

The company issued a hotfix for the ColdFusion application server platform, which fixes 3 security issues: CVE-2016-1114, CVE-2016-1113, and CVE-2016-1115.

Moreover, Adobe Acrobat and Reader received a mammoth 92 security patches, which address all types of vulnerabilities, from memory corruption issues to use-after-free vulnerabilities.

» SPAMfighter News - 5/16/2016
