Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3114
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3044
Total: 3046









Author Topic: Adobe's Flash Player fixed with recent patches...  (Read 8658 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Adobe's Flash Player fixed with recent patches...
« on: 01. May 2014., 10:12:16 »


Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It’s not clear who was behind the attack, but the site had been compromised in the past by hackers.

“We received a sample of the first exploit on April 14, while a sample of the second came on April 16,” Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab said in a blog post Monday. “The first exploit was initially recorded by KSN [the Kaspersky Security Network] on April 9, when it was detected by a general heuristic signature”: http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks

While the two exploits leveraged the same, previously unknown, vulnerability in Flash Player they targeted users in different ways. One exploit could have been used to infect any computer with Flash Player installed, but the second specifically required Adobe Flash Player 10 ActiveX and the Cisco MeetingPlace Express Add-In to be installed on the targeted systems.

The Cisco Unified MeetingPlace Express is a Web collaboration and video conferencing product developed by Cisco Systems and the Kaspersky researchers believe the exploit authors were trying to use it to spy on their targets.

Hackers flee the coop

It’s not known what kind of malware the exploits delivered because the payload files that they were designed to download and execute on the victim computers had been removed from the remote server where they were hosted by the time the attacks were discovered.

Given the nature of the site used to host the exploits and the fact that all identified victims—seven unique users—were based in Syria, “we believe the attack was designed to target Syrian dissidents complaining about the government,” Zakorzhevsky said.

The vulnerability was fixed Monday in the newly released Flash Player 13.0.0.206 for Windows and Mac and Flash Player 11.2.202.356 for Linux: http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
The Flash Player versions bundled with Google Chrome, Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1, will get the fix automatically through the respective update mechanisms of those browsers.

“Although we’ve only seen a limited number attempts to exploit this vulnerability, we’re strongly recommending users to update their versions of Adobe Flash Player software,” Zakorzhevsky said via email. “It is possible that once information about this vulnerability becomes known, criminals will try to reproduce these new exploits or somehow get the existing variants and use them in other attacks.”

It’s likely that cybercriminals will try to profit from this vulnerability even with a patch available, because it will take some time for all users to update their Flash Player installations, Zakorzhevsky said. “Unfortunately this vulnerability will be dangerous for a while.”

News of this Flash Player zero-day exploit comes after Saturday Microsoft warned customers about attacks exploiting a previously unknown vulnerability in Internet Explorer: http://scforum.info/index.php/topic,9047.0.html

(PCW)

Samker's Computer Forum - SCforum.info

Adobe's Flash Player fixed with recent patches...
« on: 01. May 2014., 10:12:16 »

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Adobe's Flash Player fixed with recent patches...
« Reply #1 on: 04. May 2014., 20:16:22 »
Use Chrome - no more Flash player needed.

Be safe :)

Devvie
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Adobe's Flash Player fixed with recent patches...
« Reply #2 on: 09. May 2014., 21:51:34 »
Use Chrome - no more Flash player needed.

...

I have a feeling that my Chrome is problematic because of that... very often he stuck with Shockwave Player. :thumbsdown:

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Adobe's Flash Player fixed with recent patches...
« Reply #3 on: 09. May 2014., 22:23:08 »
Use Chrome - no more Flash player needed.

...

I have a feeling that my Chrome is problematic because of that... very often he stuck with Shockwave Player. :thumbsdown:

LOL yeah - that's why I still use Opera 12.15 ;-)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Adobe's Flash Player fixed with recent patches...
« Reply #4 on: 11. May 2014., 10:07:15 »
Use Chrome - no more Flash player needed.

...

I have a feeling that my Chrome is problematic because of that... very often he stuck with Shockwave Player. :thumbsdown:

LOL yeah - that's why I still use Opera 12.15 ;-)

...but Opera is even slower, approximately as IE. :thumbsdown:

Samker's Computer Forum - SCforum.info

Re: Adobe's Flash Player fixed with recent patches...
« Reply #4 on: 11. May 2014., 10:07:15 »

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Adobe's Flash Player fixed with recent patches...
« Reply #5 on: 11. May 2014., 23:22:33 »
With just a few tabs... Works ok for me. What would be faster? Firefox?

Btw, got out of a scam today because of Flash... In chrome, the website kept insisting flash.exe should be installed. Logo and all ;p

Them bastards!

:)

Use Chrome - no more Flash player needed.

...

I have a feeling that my Chrome is problematic because of that... very often he stuck with Shockwave Player. :thumbsdown:

LOL yeah - that's why I still use Opera 12.15 ;-)

...but Opera is even slower, approximately as IE. :thumbsdown:

More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info

Re: Adobe's Flash Player fixed with recent patches...
« Reply #5 on: 11. May 2014., 23:22:33 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023