Another exploited zero-day vulnerability has been uncovered and patched in Adobe Flash, 24 hours after a second flaw in the popular web trinket was found being used in attack kits.Yup, this means everyone needs to upgrade, even Linux nerds like me. You can upgrade for free here.
Adobe is examining yesterday's zero day, picked up by French researcher Kafeine who spotted it after analysing a version of the popular Angler exploit kit.
The vulnerability affected Flash Player versions up to 15.0.0.223 and the latest 16.0.0.257.
The latest zero-day, now fixed in a rare emergency patch for Windows, Mac and Linux, was being used by attackers to circumvent memory randomisation mitigations in Windows.
Oh, and it seems that targeted malware is being served up via porn sites. Not that you'd ever browse for feelthy pixels, of course, but pass it on to your friends that do.
Double damn, I just updated/verified everything this past weekend and now I can't serf porn.
ReplyDeleteI think I received THREE updates for Flash this week from OpenSUSE.
ReplyDeleteWait...
ReplyDeleteQuestionable sites carry questionable content?
Who'da thunk?
Actually I read yesterday that Youtube flipped the switch to defaulting to the HTML5 player.
ReplyDeleteThat doesn't invalidate your greater point about Flash.
Done!
ReplyDeleteThanks,
gfa