Adobe Flash new 0-day – Update

Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is nowExploitKit and ActiveAttacks. Original: According to Adobe a new 0-day vulnerability in its Flash player is under attack in the wild. The vulnerability in tagged as CVE-2016-4117 and affects Flash player version equal or less than V21.0.0.226. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”

Internet Explorer under active attack

Microsoft has released a new version of Internet Explorer 7-11 that addresses the critical vulnerability CVE-2016-0189 together with four other vulnerabilities. According to Microsoft’s bulletins MS16-051 and MS16-053, CVE-2016-0189 is under active attack in the wild. Our RTI for QId: 100284 and 91220 is ActivelyAttacked.

ImageMagick vulnerability under active attack

ImageMagick is a popular open source package for image manipulation. A number of vulnerabilities have been identified in the software: one of them, CVE-2016-3714, allows for Remote Code Execution (RCE) and is under active attack in the wild. There is no patch available at the moment, but users can configure the “policy.xml” file to neutralize … Continue reading “ImageMagick vulnerability under active attack”

Adobe Flash partial 0-day patched in OOB release

Adobe addressed a partial 0-day vulnerability its Flash player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents … Continue reading “Adobe Flash partial 0-day patched in OOB release”

2nd Flash 0-day

Adobe has acknowledged in APSA15-01 the existence of attacks in the wild against an Adobe Flash vulnerability (CVE-2015-0311). Our RTI for QID: 123181 is set to: 0-day.