Two exploit kits have been discovered that allowed hackers to compromise computers. The exploit was patched last week, but many users are considered to still be at risk. The bug was spotted by French security research Kafeine. Risk is considered high because the exploit targets recent versions of Flash Player software.
Prior to the released fix, the bug was a zero-day – meaning no known fix. Two security toolboxes, Angler and Magnitude, are able to take advantage of the flaw. The kits could deploy malware including ransomware, which restricts users’ access to files until a ransom is paid. Generally the ransom is paid using the digital currency [...]
Adobe Flash Player is notorious for causing security issues. It’s just one of the many reasons why sites like YouTube have switched to HTML5. Trend Micro’s researchers recently discovered a zero-day exploit in Flash used for malvertisement attacks, affecting Windows, Mac, and Linux users. According to a security bulletin from Adobe, the vulnerability, known as CVE-2015-0313, affects Flash Player 220.127.116.116 (the latest version) and earlier versions. A patch for CVE-2015-0313 is expected to begin rolling out on February 4th. But until the update is ready, users are recommended to disable Adobe Flash Player.