Adobe has released an out-of-band patch for Flash Player due to a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), Flash versions 22.214.171.124 and earlier (released on October 11) are affected. (Adobe Flash Player for Linux uses a separate version numbering system; for that product, versions 126.96.36.1997 and earlier are vulnerable.) We urge all users who still have Flash installed to update to the version released today as soon as possible.
Adobe has just released a security update for Adobe Flash to address a vulnerability (CVE-2016-1019) that was used in zero-day attacks against older versions of Adobe Flash. We previously discussed one such attack when we discovered this vulnerability being integrated into the Magnitude Exploit Kit. In this post, we take a look at the exploit code. In the sample we acquired from our Smart Protection Network feedback, we observed that this vulnerability is present on Mac OS X as well as on the Windows platform, which is interesting to note given that fewer exploits target that OS.
Following its security advisory of April 5, 2016, Adobe has released an out-of-band patch today for the vulnerability CVE-2016-1019, which affects Adobe Flash Player. Trend Micro has observed active zero-day attacks from the Magnitude Exploit Kit affecting users of Flash 188.8.131.526 and earlier. These attacks are not effective against users of Flash versions 184.108.40.206 and 220.127.116.11. This is because of a heap mitigation that Adobe introduced in version 18.104.22.168 and that is also present in version 22.214.171.124. Users of these versions will only experience a crash in Adobe Flash when attacks attempt to exploit the vulnerability.
In this month’s Patch Tuesday, Adobe released updates for 79 vulnerabilities in its Flash Player, the largest number of vulnerabilities patched for this product this year. 56 of these are use-after-free (UAF) vulnerabilities, which may allow attackers to remotely run arbitrary code on affected systems. Most of the other vulnerabilities relate to memory corruption and buffer overflow.
Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.
In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events.