Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is nowExploitKit and ActiveAttacks. Original: According to Adobe a new 0-day vulnerability in its Flash player is under attack in the wild. The vulnerability in tagged as CVE-2016-4117 and affects Flash player version equal or less than V18.104.22.168. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”
Microsoft has released a new version of Internet Explorer 7-11 that addresses the critical vulnerability CVE-2016-0189 together with four other vulnerabilities. According to Microsoft’s bulletins MS16-051 and MS16-053, CVE-2016-0189 is under active attack in the wild. Our RTI for QId: 100284 and 91220 is ActivelyAttacked.
ImageMagick is a popular open source package for image manipulation. A number of vulnerabilities have been identified in the software: one of them, CVE-2016-3714, allows for Remote Code Execution (RCE) and is under active attack in the wild. There is no patch available at the moment, but users can configure the “policy.xml” file to neutralize … Continue reading “ImageMagick vulnerability under active attack”
Adobe addressed a partial 0-day vulnerability its Flash player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents … Continue reading “Adobe Flash partial 0-day patched in OOB release”
Adobe has acknowledged in APSA15-01 the existence of attacks in the wild against an Adobe Flash vulnerability (CVE-2015-0311). Our RTI for QID: 123181 is set to: 0-day.