1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encrypted Flash exploit bypassing vector mitigations

Discussion in 'CSO' started by RSS, Oct 5, 2015.

  1. RSS

    RSS New Member Member

    Researchers at Morphisec, an Israeli start-up focusing on polymorphic defense, a process that earned them kudos during the RSA Conference in 2014, have discovered a clever Flash bypass being used by the Nuclear exploit kit.

    CVE-2015-5560 has been targeted by both the Angler and Nuclear exploit kits. The vulnerability itself was patched in August, after Adobe released Flash version 18.0.0.232.

    Realistically though, Adobe, while a priority in most cases, doesn't often see immediate updates within organizations that lack a patch management process. Thus, there are still plenty of systems (at home and in the office) that are running Flash 18.0.0.209 or lower.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page