Zero Day Exploits Target Flash
Adobe scrambles to release patches for vulnerable Flash Player.
Adobe engineers worked overtime the past two weeks to restore security (and public confidence) in the ubiquitous Adobe Flash, which has been in the news recently with some high-profile zero-day exploits.
Adobe announced a patch on January 22 for a recent vulnerability (CVE-2015-0310) based on faulty memory protection. The patch applies to Windows, Mac OS, and Linux systems. According to security expert Kafeine, the exploit has already been integrated into the latest versions of the Angler exploit kit, a universal tool used by attackers. The attack was apparently used to install versions of the Bedep, a malware tool used for ad fraud.
The version of the attack detected in the wild appeared to focus on IE and Windows systems and could even compromise a fully updated version of Windows 8.1. However, researchers could not rule out the possibility of the attack being used with Mac and Linux systems as well. A later version of Angler appears to have been adapted to attack Firefox as well.
A related exploit (CVE-2015-0311) was also discovered in the wild and patched through a second emergency fix a week later.
Users are advised to install the patches as soon as possible.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
More than 43 Million Lines of Code in Linux Kernel 7.2
Using the cloc utility, Michael Larabel of Phoronix discovered that Linux kernel 7.2 has over 43 million lines of code.
-
Kubuntu Focus Goes Ultra
The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.
-
Linux Gamers May Soon See Less Mouse Lag in KDE Plasma
Gamers using KDE’s Plasma desktop have been suffering from a slight input delay in mouse movement that could lead to getting fragged.
-
Three Lines of Code Improve Linux Storage Performance
A developer changed three lines of code, giving Linux storage performance a 5% bump.
-
AUR Hit Again with Malicious Packages
Once again the Arch User Repository is plagued by a high volume of malicious packages.
-
Alpine Linux 3.24 Features Fresh Desktops and a Newer Kernel
If you're a fan of Alpine Linux, it's time to upgrade because the latest version has been released with KDE Plasma 6.6, Gnome 50, and Linux kernel 6.18 LTS.
-
EU Open Source Strategy Plays Key Role in Tech Sovereignty Package
Comprehensive measures adopted by the European Commission aim to reduce dependency on non-EU countries.
-
Linux Foundation Report Indicates AI Driving Tech Hiring
Within growing security and skills gaps, AI has been found to be a positive driving force behind tech hiring trends in Europe.
-
United Nations Open Source Portal Goes Live
A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.
-
KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
