Adobe has just released a security update for Adobe Flash to address a vulnerability (CVE-2016-1019) that was used in zero day attacks against older versions of Adobe Flash. We previously discussed one such attack when we discovered this vulnerability being integrated in Magnitude Exploit Kit. In this post, we took a look at the exploit code. In the sample we acquired from our Smart Protection Network feedback, we observed that this vulnerability is also present in Mac OS X. In addition to being present on the Windows platform, it is interesting to note it is also present on Mac OS X given that fewer exploits target the said OS.
Read MoreFollowing their security advisory last April 5, 2016, Adobe has released an out of band patch today for the vulnerability CVE-2016-1019, which affects Adobe Flash Player. Trend Micro has observed active zero day attacks from the Magnitude Exploit Kit affecting users of Flash 20.0.0.306 and earlier. These attacks are not effective against users of Flash versions 21.0.0.182 and 21.0.0.197. This is because of a heap mitigation that Adobe introduced in version 21.0.0.182 and is also present in version 21.0.0.197. Users of these versions will only experience a crash in Adobe Flash when attacks attempt to exploit the vulnerability.
Read More