If youve been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploitation kit, researchers confirmed. Attackers often buy the kits to spare the hassle of writing their own weaponized exploits. Prolific exploit sleuth Kafeine uncovered the addition to Angler, an exploit kit available in underground forums. The zero-day vulnerability was confirmed by Malwarebytes. Malwarebytes researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep. Adobe officials say only that theyre investigating the reports. Until theres a patch, it makes sense to minimize use of Flash when possible. AV software from Malwarebytes and others can also block Angler attacks. Read on Ars Technica | Comments January 21, 2015 at 03:00PM
Posted on: Thu, 22 Jan 2015 01:19:16 +0000