Thursday, January 29, 2015

Nasty Adobe Flash bugs being exploited

Flash, of course, is the technology that drives most Internet video like YouTube. It's now officially the Borepatch most Lousiest Insecure Crapware™ ever:

Another exploited zero-day vulnerability has been uncovered and patched in Adobe Flash, 24 hours after a second flaw in the popular web trinket was found being used in attack kits.

Adobe is examining yesterday's zero day, picked up by French researcher Kafeine who spotted it after analysing a version of the popular Angler exploit kit.

The vulnerability affected Flash Player versions up to 15.0.0.223 and the latest 16.0.0.257.

The latest zero-day, now fixed in a rare emergency patch for Windows, Mac and Linux, was being used by attackers to circumvent memory randomisation mitigations in Windows.

Yup, this means everyone needs to upgrade, even Linux nerds like me. You can upgrade for free here.

Oh, and it seems that targeted malware is being served up via porn sites.  Not that you'd ever browse for feelthy pixels, of course, but pass it on to your friends that do.

5 comments:

tsquared said...

Double damn, I just updated/verified everything this past weekend and now I can't surf porn.

drjim said...

I think I received THREE updates for Flash this week from OpenSUSE.

Archer said...

Wait...

Questionable sites carry questionable content?

Who'da thunk?

Rick C said...

Actually I read yesterday that YouTube flipped the switch to defaulting to the HTML5 player.

That doesn't invalidate your greater point about Flash.

Guffaw in AZ said...

Done!

Thanks,

gfa