Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Patches Flash Zero-Day Exploited By Magnitude Exploit Kit (securityweek.com)

Posted by BeauHD on from the quick-before-it's-too-late dept.

wiredmikey writes: Adobe released a Flash Player update on Thursday night to patch a zero-day vulnerability that has been leveraged by cybercriminals to deliver malware via the Magnitude exploit kit. The vulnerability [CVE-2016-1019], a memory corruption that can be exploited for remote code execution, was discovered after, on April 2, security researcher Kafeine of Proofpoint noticed a change in the Magnitude exploit kit. The sample was then investigated by FireEye, which determined that Magnitude EK had been exploiting a previously unknown vulnerability in Flash Player."Despite the fact that this new exploit could potentially work on any version of Adobe Flash, including a fully patched instance of Flash, the threat actors implemented it in a manner that only targeted older versions of Flash. In other words, equipped with a weapon that could pierce even the latest armor, they only used it against old armor, and in doing so exposed to security researchers a previously unreported vulnerability," Proofpoint said in a blog post.

2 of 69 comments (clear)

  1. You were warned by Gravis+Zero · · Score: 1, Troll

    You have been warned repeatedly that you Flash and Java plugins/addons/extensions are insecure and that you should uninstall them. Therefore, if you still have Flash or Java installed and you get compromised because of it, you only have yourself to blame.

    --
    Anons need not reply. Questions end with a question mark.
  2. Unicode support is not needed here. by Anonymous Coward · · Score: 0, Troll

    There's no reason to support Unicode on a site like this. It primary targets an English audience. Anything worth expressing here can be expressed using ASCII.

    The last thing Slashdot needs is spam in Russian and Chinese, or stupid Japanese-style kaomoji emoticons, or idiotic emoji characters all over, or people drawing stupid shit with other Unicode characters.

    Yeah, maybe Unicode is useful if your audience is primary Chinese-speaking, but that's not the case here. Unicode would be far more harmful than helpful.

    Besides, there are a lot of other more important things to deal with first. Like fixing the goddamn moderation and metamoderation systems. I have to constantly browse at -1 because the best content here ends up incorrectly modded down. The broken metamoderation system obviously isn't helping fix this problem, either. Shit, at this point I'd rather see the Slashdot devs spend their time and effort removing the moderation and metamoderation systems completely, rather than dicking around with Unicode support.