[Update] Adobe now updated its advisory and confirmed that version fixes the o-day vulnerability (CVE-2015-0311). [2][3]

Adobe apparently just released Flash version There is nothing on Adobes website if this is a patch. As a matter of fact, Adobe still lists as the most recent version [1]. You can download if you manually check for updates using Flash.

This article will be updates as we learn more. I have NO IDEA if this new version fixes the current vulnerability, but given that this is a surprise weekend release, chances are that it was released in response to the vulnerability. Apply this update at your own risk.

Thanks to Christopher for noticing!




Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A fix for the Thunderstrike proof-of-concept bootkit attack has made its way into a beta version of Apple's OS X, according to a just-published report. The new fix may indicate that a patch isn't far from general release.

The exploit was dubbed Thunderstrike because it spreads through maliciously modified peripheral devices connected to a Mac's Thunderbolt interface. When plugged into a Mac that's booting up, the device injects what's known as an option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions. Once a Mac is infected, the malicious firmware can survive hard drive reformats and OS reinstallations. And since Thunderstrike replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected systems.

Earlier this month, Thunderstrike creator Trammell Hudson said that only the latest versions of Mac Mini's and iMac Retina 5ks were largely immune to the exploit but that Apple engineers were in the process of developing a fix for the rest of the Mac product line. According to a report published Friday by iMore, the patch has been spotted in the latest beta of OS X 10.10.2, the next version of Yosemite.

Read 6 remaining paragraphs | Comments

Internet Storm Center Infocon Status