This month’s Patch Tuesday entry patched a number of critical vulnerabilities from Microsoft and Adobe, including a DNS-related vulnerability, CVE-2018-8225 and a critical Flash Player vulnerability, CVE-2018-5002.
Read More Microsoft has rolled out its Patch Tuesday for April to address security issues in Internet Explorer (IE), Edge, ChakraCore, Visual Studio, Microsoft Office and Office Services and Web Apps, and Malware Protection Engine. Of the 67 listed vulnerabilities, 24 were rated critical. Eight of these were disclosed through Trend Micro’s ZDI program.
Read MoreOn March 10, Adobe has released an emergency out-of-band update to fix a zero-day vulnerability that was being used in targeted attacks. The vulnerability was designated as CVE-2016-1010. To analyze this vulnerability, I examined an earlier version of the Flash Player (Flash32_19_0_0_185.ocx file on Windows 7) to find the root cause of the vulnerability.
Read MoreFollowing its release of a security update for Acrobat and Reader, Adobe has released another one, this time to address 23 reported vulnerabilities in Flash. In its advisory (APSB16-08), Adobe notes that this patch addresses critical vulnerabilities that could allow an attack to gain control of an affected system. They further note that one of the vulnerabilities (CVE-2016-1010) “is being used in limited, targeted attacks.”
Read MoreThreats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploit kits were a key part of the threat landscape in 2015. In this series of posts,…
Read More