Thursday, February 16, 2012

0-day email attacks

A rare universal attack campaign aimed at taking over Webmail accounts via Flash:

A dangerous zero-day Flash attack revealed yesterday by Adobe, and patched along with other flaws in the application, is the dreaded and relatively rare universal cross-site scripting threat. The vulnerability was spotted being exploited in the wild in targeted, email-based attacks.

"Universal XSSes are rare enough, but a zero-day floating around targeted attacks: wow," says Jeremiah Grossman, CTO for WhiteHat Security.

Ryan Barnett, senior security researcher for Trustwave, says it sounds like a cyberespionage-type attack trying to remain under the radar.

Adobe's security update affects vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x; and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. If exploited, the vulnerabilities could allow an attacker to crash and take over the victim's machine.

Posted via email from Don Peer