Attackers Abuse Zero-Day Vulnerability in Flash

Spread the love

The latest version of Adobe Flash includes a zero-day vulnerability, which allows attackers to install malware. In any case, Internet Explorer users on Windows versions earlier than 8.1 are vulnerable; Chrome users are safe.

In any case, users of Internet Explorer 8 on Windows XP and Windows 7, as well as users of Internet Explorer 10 on Windows 8 and Windows 8 RT, are vulnerable. Windows 8.1 users are quite safe; a security problem does occur, but it is less serious.

The discoverer of the zero-day abuse, security researcher ‘Kafeine’, has determined that Chrome users are safe from problems, thanks to the sandbox in which code runs in Google’s browser. Whether other browsers and operating systems are safe remains to be seen.

Little is known about how the zero day works; until Adobe closes the vulnerability, Kafeine keeps his jaws tight. A zero-day vulnerability is a bug that has not yet been patched and that users can therefore hardly protect themselves against.

The vulnerability is included in the Angler exploit kit, according to Kafeine, indicating that the bug allows a malicious malware to be installed. Exploit kits are used by attackers to install malware on a large scale, such as adware or ransomware. For example, the exploit kits can get the malware onto users’ PCs through rogue advertisements.

You might also like