Submission + - Adobe Patches One Flash Zero Day, Another Still Unfixed
Trailrunner7 writes: Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit.
The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.
The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn’t being used against Chrome or Firefox.
On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.
The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.
The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn’t being used against Chrome or Firefox.
On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.