Adobe has released an out-of-bound patch for Flash Player due to a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), versions of Flash from 22.214.171.124 and earlier (released on October 11) are affected. (Adobe Flash Player for Linux uses a separate version numbering system; for that product versions 126.96.36.1997 and earlier are vulnerable.) We urge all users who still have Flash installed to update to the version released today as soon as possible.Read More
Adobe has just released a security update for Adobe Flash to address a vulnerability (CVE-2016-1019) that was used in zero day attacks against older versions of Adobe Flash. We previously discussed one such attack when we discovered this vulnerability being integrated in Magnitude Exploit Kit. In this post, we took a look at the exploit code. In the sample we acquired from our Smart Protection Network feedback, we observed that this vulnerability is also present in Mac OS X. In addition to being present on the Windows platform, it is interesting to note it is also present on Mac OS X given that fewer exploits target the said OS.Read More
Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.
In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events.Read More
Another zero-day vulnerability has been found by Trend Micro researchers from the Hacking Team trove of data. We reported this vulnerability to Microsoft, and it has been designated as CVE-2015-2426. It has also been patched in an unusual out-of-band patch. It could be used to carry out a Windows local privilege escalation (LPE). By exploiting this vulnerability, attackers…Read More
Oracle has released its Critical Patch Update for the month of July. The update provides fixes for 193 new security vulnerabilities, including the recently announced zero-day vulnerability first reported by Trend Micro researchers. What makes the zero-day discovery more notable is that it is being used in an ongoing targeted attack campaign, Operation Pawn Storm….Read More