Flash Zero-Day Used in Attacks Now Patched
May 26, 2014
You may want to add updating your Flash Player on your to-do list.
Adobe released a patch for a newly discovered flaw in its Flash Player system. Tagged as CVE-2014-0515, this previously unknown flaw is considered a zero-day vulnerability.
If left unpatched, attackers can use it to remotely access your computer and then turn it into a gold mine of information or a zombie computer in a botnet.
Used in Targeted Attacks
Attackers have already exploited this vulnerability to target Flash Player users running Windows in a business environment. They used a Trojan that requires a specific web conferencing app.
Further Trend Micro analysis shows that this exploit attempts to insert excess data into a computer’s memory until it’s corrupted and open for control. This exploitation method has been previously used on Adobe Reader and other Internet Explorer vulnerabilities.
Impact on Flash Player Users
People who use Flash Player to run various multimedia programs, stream video and audio files, and access other Flash-based applications are exposed to this flaw.
Adobe has listed the specific affected versions on its website:
“Adobe has released security updates for Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Adobe Flash Player 18.104.22.168 and earlier versions for Macintosh and Adobe Flash Player 22.214.171.1240 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.”To know if your computer is affected, go to the Adobe Flash Player about page and look for “Version Information.”
Adobe Security Bulletin, April 28, 2014
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report