Adobe patches newly exploited Flash zero-day

Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being exploited in the wild. About the vulnerability (CVE-2018-15982) CVE-2018-15982 is…

Report: Adobe zero-day exploit similar to HackingTeam tool

Adobe issued a new patch for a zero-day security vulnerability that exploited a flaw in the company’s Flash Player. The flaw, uncovered by researchers from the security vendor Gigamon, was exploitable through Microsoft Word, according to a report published Wednesday. Researchers discovered the vulnerability after a Ukrainian IP address submitted the details to VirusTotal, a malware analysis site, the Gigamon report said. The document was made to look like a job application form for a Russian health clinic, but in fact was meant to deliver reconnaissance malware. Researchers also said the hacking technique was similar to tools used by HackingTeam, an Italian surveillance company that had much of its spyware leaked in 2015. Gigamon researchers did not attribute this malware to HackingTeam because many of the company’s tools have been publicly accessible online for three years, meaning other hackers could have replicated some of that malicious code. The researchers also did not prioritize attribution, arguing that […]

The post Report: Adobe zero-day exploit similar to HackingTeam tool appeared first on Cyberscoop.


Update now! Adobe Flash has another critical security vulnerability

Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority.

Adobe issues fix for Flash bug allowing remote code execution

Adobe has issued a patch for its Flash Player software, fixing a critical bug that would have allowed attackers to remotely execute malicious code. The company labels it as a “type confusion” vulnerability. That means that Flash Player could run a piece of code without verifying what type it is. If an unpatched version of Flash is running, an attacker could trick users into visiting a website hosting malicious code that could then run on the user’s Flash Player, as explained in a security advisory issued by Microsoft. According to SecurityWeek, the bug was originally reported by Israeli researcher Gil Dabah, who described it in a blog post on Nov. 13. It’s not clear why he disclosed publicly if a patch wasn’t ready, or why there was a week between his disclosure and the release of a patch. Adobe does not credit Dabah in its alert. Adobe Flash can be installed […]

The post Adobe issues fix for Flash bug allowing remote code execution appeared first on Cyberscoop.


Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as soon as possible. The flaw affects Flash Player 31.0.0.148 and earlier versio…

Cryptocurrency, Disney, and Adobe – Application Security Weekly #36

Hackers hide cryptocurrency malware in Adobe Flash updates, the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and Disney is helping women from across their company to become developers!