Fixed Flash Zero Day in Exploit Kits

Tuesday, November 3, 2015 @ 03:11 PM gHale

It rarely takes long for a Zero Day to end up implanted in an exploit kit and, sure enough, a now-patched Adobe hole is staring in two attacks, researchers said.

The Zero Day affected all Flash versions 18.x through and 19.x through on Windows and OS X, and 11.x through on Linux.

Adobe Mitigates Shockwave Holes
Emergency Flash Update Nabs Zero Day
Flash, Acrobat, Reader Holes Fixed
Adobe Zero Day Under Attack

When the Zero Day ended up patched Adobe said, “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

Trend Micro, which found the Zero Day said the vulnerability was attacking ministries of foreign affairs in various countries, by a hacking group with ties to the Russian government, known as Sednit or Operation Pawn Storm.

Now with the Zero Day’s details available online, other types of cyber-criminals didn’t wait too long to integrate it into their own tools, said researchers at Malwarebytes.

Malwarebytes, a security provider, detected versions of the Angler and Nuclear exploit kits actively using this bug, trying to compromise its clients’ PCs.