Adobe issues fix for Flash bug allowing remote code execution

Adobe has issued a patch for its Flash Player software, fixing a critical bug that would have allowed attackers to remotely execute malicious code. The company labels it as a “type confusion” vulnerability. That means that Flash Player could run a piece of code without verifying what type it is. If an unpatched version of Flash is running, an attacker could trick users into visiting a website hosting malicious code that could then run on the user’s Flash Player, as explained in a security advisory issued by Microsoft. According to SecurityWeek, the bug was originally reported by Israeli researcher Gil Dabah, who described it in a blog post on Nov. 13. It’s not clear why he disclosed publicly if a patch wasn’t ready, or why there was a week between his disclosure and the release of a patch. Adobe does not credit Dabah in its alert. Adobe Flash can be installed […]

The post Adobe issues fix for Flash bug allowing remote code execution appeared first on Cyberscoop.

SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Vulnerabilities Summary: The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code in a way that leads to type confusion that can be exploited in order to execute code remotely on Google Chr…

New Adobe Flash Player exploit used by Magnitude and Nuclear exploit kits

Exploit kits (EKs) including Magnitude and Nuclear have begun to exploit a type confusion vulnerability in Adobe Flash Player (CVE-2016-1019).