You can now find Cyber Kendra on Google News!

Zero-Day Flaw in Adobe Flash PLayer by Kaspersky

Zero-Day Flaw in Adobe Flash PLayer. 0-day in Adobe, hack adobe, vulnerability in adobe, zero day vulnerability, exploits zeroday, zero day on Internet explorer, Microsoft Zero day, Tuesday patch of Adobe, Heart bleed vulnerability, hacking via zeroday, effecting users

Recently we have noted a Zero-day vulnerability in Adobe reader for Android and Adobe team has released the patch for the flaw also. But this is not over for Adobe, a researcher Alexander Polyakov from Kaspersky Lab, have discovered another major Zero-day flaw in the Adobe Flash Player, which is affecting Windows, Linux, and Mac OS platform.

All Firms are taking all the vulnerabilities seriously way after the exposure of a critical vulnerability Heartbleed bug discovered in OpenSSL, which is a vital component of the Internet infrastructure. As Adobe products are also an important and most commonly used application by users, its security risk is very high.

“We received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature. There were numerous subsequent detection on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics.”
“According to KSN data, these exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shell codes. It should be noted that the second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted,” noted the Kaspersky security experts on securelist.com.

The vulnerability has been reported to Adobe and Adobe team working on a fix for a few days. Currently, Adobe has released a patched version of the Flash Player for all platforms. The security issue was named CVE-2014-0515 and it seems that so far it has been used only against the Windows platform.

So if you have not updated your Adobe flash player yet, then we recommend you all update it, to fix the issue. 

Post a Comment