Zero Day Exploits Target Flash

Jan 27, 2015

By Joe Casad

Adobe scrambles to release patches for vulnerable Flash Player.

Adobe engineers worked overtime the past two weeks to restore security (and public confidence) in the ubiquitous Adobe Flash, which has been in the news recently with some high-profile zero-day exploits.
Adobe announced a patch on January 22 for a recent vulnerability (CVE-2015-0310) based on faulty memory protection. The patch applies to Windows, Mac OS, and Linux systems. According to security expert Kafeine, the exploit has already been integrated into the latest versions of the Angler exploit kit, a universal tool used by attackers. The attack was apparently used to install versions of the Bedep, a malware tool used for ad fraud.
The version of the attack detected in the wild appeared to focus on IE and Windows systems and could even compromise a fully updated version of Windows 8.1. However, researchers could not rule out the possibility of the attack being used with Mac and Linux systems as well. A later version of Angler appears to have been adapted to attack Firefox as well.
A related exploit (CVE-2015-0311) was also discovered in the wild and patched through a second emergency fix a week later.

Users are advised to install the patches as soon as possible.

Related content

Adobe Issues Security Advisory for Flash Player

A security advisory warning has been issued by Adobe for a critical vulnerablity in its Flash Player 10.2.153.1 and more.

more »
NEWS

Updates on technologies, trends, and tools

more »
Adobe Patches Flash Player

Adobe has come out with a patch for Flash Player to fix a recent security problem.

more »
Adobe Flash Player and Reader with Critical Security Advisory

Adobe announced a critical vulnerability for its Flash Player 9.0.159.0 and 10.0.22.87 and earlier, along with the authplay.dll component in its Reader and Acrobat 9.x., that goes across platforms in Windows, Macintosh, Linux and Solaris.

more »
New Worm Attacks Linux Devices

Symantec says Linux-Darlloz burrows in through PHP.

more »

comments powered by Disqus

Issue 268/2023

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs

News

Escuelas Linux 8.0 is Now Available

Just in time for its 25th anniversary, the developers of Escuelas Linux have released the latest version.
LibreOffice 7.5 has Arrived Loaded with New Features and Improvements

The favorite office suite of the Linux community has a new release that includes some visual refreshing and new features across all modules.
The Next Major Release of Elementary OS Has Arrived

It's been over a year since the developers of elementary OS released version 6.1 (Jólnir) but they've finally made their latest release (Horus) available with a renewed focus on the user.
KDE Plasma 5.27 Beta Is Ready for Testing

The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
Netrunner OS 23 Is Now Available

The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
New Linux Distribution Built for Gamers

With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
System76 Beefs Up Popular Pangolin Laptop

The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes

If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
Gnome 44 Now Has a Release Date

Gnome 44 will be officially released on March 22, 2023.
Nitrux 2.6 Available with Kernel 6.1 and a Major Change

The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.