Monday, July 13, 2015

Java and Flash both vulnerable—again—to new 0-day attacks

Java and Flash both vulnerable—again—to new 0-day attacks | Ars Technica "nternet users should take renewed caution when using both Adobe Flash and Oracle's Java software framework; over the weekend, three previously unknown critical vulnerabilities that could be used to surreptitiously install malware on end-user computers were revealed in Flash and Java. The Java vulnerability is significant because attackers are actively exploiting it in an attempt to infect members of NATO."

"The two Flash vulnerabilities were unearthed late last week in the 400-gigabyte dump taken from Hacking Team, the Italian spyware developer that was breached eight days ago. The two zero-day flaws, designated CVE-2015-5122 and CVE-2015-5123, are in addition to a separate previously unknown Flash vulnerability found by Hacking Team that Adobe patched on Wednesday. The currently unpatched vulnerabilities reside in the Windows, Mac OS X, and Linux versions of the most recent versions of Flash and allow attackers to remotely execute malicious code."

I'm guessing this is why Facebook's new chief security officer wants to set a date to kill Flash.

No comments: