Information Security News
Adobe Systems is once again rolling out an emergency Flash update that patches a critical vulnerability under active attack to compromise the computers of unsuspecting users.
The latest Flash versions fix a remote code-execution bug that, as Ars reported last week, recently came under attack in the Angler exploit kit. Malware purveyors and other types of online crooks use such kits to seed compromised websites with attack code. Once people visit the sites with vulnerable computers, the booby-trapped pages surreptitiously exploit the vulnerabilities and install backdoors that can be used to log keystrokes, steal passwords, and install new pieces of malware at will.
An advisory Adobe published late last week warned that the bug resides in versions running on Windows, Macs, and Linux systems. So far, reports suggest that in-the-wild exploits are limited only to Windows systems. The vulnerability stems from a so-called use-after-free bug that allows attackers to corrupt the memory of affected computers. Trend Micro has additional technical details here.
Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 18.104.22.1686 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.
To that end we">GREEN. Please ensure you apply updates as soon as possible and stay tuned here as additional related information">|">@holisticinfosec(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Three Reasons Big Companies Should Work With Security Startups
While large companies are just as committed to innovation as startups are, most invest in innovation via acquisition not incubation, which means the future of infosec relies heavily on the ability of innovative start-ups to create and validate new ...