You can now find Cyber Kendra on Google News!

Zero-Day Flaw in Adobe Flash PLayer by Kaspersky

Zero-Day Flaw in Adobe Flash PLayer. 0-day in Adobe, hack adobe, vulnerability in adobe, zero day vulnerability, exploits zeroday, zero day on Internet explorer, Microsoft Zero day, Tuesday patch of Adobe, Heart bleed vulnerability, hacking via zeroday, effecting users
Recently we have noted a Zero-day vulnerability in Adobe reader for Android and Adobe team have released the patched of the flaw also. But this is not over for Adobe, a researcher Alexander Polyakov from Kaspersky Lab, have discovered another major Zero-day flaw on the Adobe Flash Player, which is affecting Windows, Linux and Mac OS platform.

All Firms are taking all the vulnerabilities in a serious way after the expose of critical vulnerability Heartbleed bug discovered in OpenSSL, which is a vital component of the Internet infrastructure. As Adobe products is also a important and most commonly used application by any users, so its security risk is very high.
“We received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature. There were numerous subsequent detection on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics.”
“According to KSN data, these exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. It should be noted that the second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted,” noted the Kaspersky security experts on

The vulnerability has been reported to the Adobe and Adobe team working on a fix for a few days. Currently Adobe have released a patched version of the Flash Player for all the platform. The security issue was named CVE-2014-0515 and it seems that so far it has been used only against the Windows platform.

So if you have not update your Adobe flash player till yet, then we recommend you all to update it, to fix the issue. 

Post a Comment