CATEGORIES
home News

Adobe’s Latest Zero-Day Exploit Repurposed, Going Viral Via Adult Websites

by Rob WilliamsTuesday, January 27, 2015, 06:20 PM EDT

At this point, I think it's safe to call the security level of Adobe's Flash player "asinine". Sometimes, it feels like full-blown OSes, such as Windows, have far fewer bugs. When is the last time you remember having to update your OS with an emergency patch? Now how about Adobe Flash? Exactly.

Well, since Adobe didn't put it in its New Years' resolutions to release more secure software, this is a reality that's not going to change too soon. Yesterday, the company issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit).

To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year.

Adobe Flash Update

This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn hounds. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It's mentioned that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the Web.

That's a little scary, and clear proof that Adobe's Flash plugin simply needs to die off. There's a clear reason why many media websites have already transitioned to HTML 5 instead of Flash. On that front, Adobe's had a lot of time to improve the security situation of its Flash player, but it simply hasn't happened, and a ridiculous bug like CVE-2015-0301 is living proof.

To make sure you're up-to-date, you can head on over to the official Flash player download page and check - or at least hopefully, as the site is broken as of the time of writing. The version you'll want to verify you're running is 16.0.0.296 for Windows, OS X, and Chrome OS, and 11.2.202.440 for Linux.

Tags:  Adobe, security, vulnerability, NASDAQ: ADBE
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment