Fixed Flash Zero Day in Exploit Kits
Tuesday, November 3, 2015 @ 03:11 PM gHale
It rarely takes long for a Zero Day to end up implanted in an exploit kit and, sure enough, a now-patched Adobe hole is staring in two attacks, researchers said.
The Zero Day affected all Flash versions 18.x through 22.214.171.124 and 19.x through 126.96.36.199 on Windows and OS X, and 11.x through 188.8.131.525 on Linux.
When the Zero Day ended up patched Adobe said, “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
Trend Micro, which found the Zero Day said the vulnerability was attacking ministries of foreign affairs in various countries, by a hacking group with ties to the Russian government, known as Sednit or Operation Pawn Storm.
Now with the Zero Day’s details available online, other types of cyber-criminals didn’t wait too long to integrate it into their own tools, said researchers at Malwarebytes.
Malwarebytes, a security provider, detected versions of the Angler and Nuclear exploit kits actively using this bug, trying to compromise its clients’ PCs.