1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cybercriminals adopt recently patched zero-day exploit in a flash

Discussion in 'Network World' started by RSS, Jun 29, 2015.

  1. RSS

    RSS New Member Member

    Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.

    On Saturday, a malware researcher known online as Kafeine spotted a drive-by download attack done with the Magnitude exploit kit that was exploiting a Flash Player vulnerability patched Tuesday.

    The flaw, tracked as CVE-2015-3113 in the Common Vulnerabilities and Exposures database, had zero-day status—that is, it was previously unpatched—when Adobe released a patch for it. It had already been exploited by a China-based cyberespionage group for several weeks in targeted attacks against organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page