Zero-Day Flaw in Adobe Flash PLayer by Kaspersky

Share it:
Recently we have noted a Zero-day vulnerability in Adobe reader for Android and Adobe team have released the patched of the flaw also. But this is not over for Adobe, a researcher Alexander Polyakov from Kaspersky Lab, have discovered another major Zero-day flaw on the Adobe Flash Player, which is affecting Windows, Linux and Mac OS platform.


All Firms are taking all the vulnerabilities in a serious way after the expose of critical vulnerability Heartbleed bug discovered in OpenSSL, which is a vital component of the Internet infrastructure. As Adobe products is also a important and most commonly used application by any users, so its security risk is very high.
“We received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature. There were numerous subsequent detection on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics.”
“According to KSN data, these exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. It should be noted that the second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted,” noted the Kaspersky security experts on securelist.com.

The vulnerability has been reported to the Adobe and Adobe team working on a fix for a few days. Currently Adobe have released a patched version of the Flash Player for all the platform. The security issue was named CVE-2014-0515 and it seems that so far it has been used only against the Windows platform.

So if you have not update your Adobe flash player till yet, then we recommend you all to update it, to fix the issue. 
Share it:

Adobe

Vulnerability

Post A Comment:

0 comments:

Follow by Email