NEWS - January 26, 2015

Jan 26, 2015 7:40AM PST
Adobe updates Flash Player again, plugs 0-day exploited by Angler

Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability (CVE-2015-0311) preyed on by the Angler exploit kit.

The company has first issued on Friday an out-of-band update for the software that plugs another zero-day security hole (CVE-2015-0310) exploited in the wild, and on Saturday released another one that solves CVE-2015-0311.

The newest versions - Flash Player 16.0.0.296 (Win and Mac) and Flash Player 11.2.202.440 (Linux) - have been received on Saturday by all those users who have enabled auto-update for the Flash Player desktop runtime.

The rest of the users only had to wait a day more for the download links for these versions to be made available.

According to the most recent information, the flaw is currently being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe is working with their distribution partners to make the update automatically available in Google Chrome and Internet Explorer 10 and 11.

http://www.net-security.org/secworld.php?id=17867

[ Note: Emphasis by me ]

Related:
Adobe Fixes Second Flash Player Zero-Day Vulnerability
Adobe Begins Auto-Update Patching of Second Flash Player Zero Day
The tooth gnashing you hear is from Flash users installing a new 0day patch

See: Security Updates for Adobe Flash Player (APSB15-02)

Thunderstrike Patch Slated for New OS X Build
Jan 26, 2015 7:44AM PST

In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.

All of the vulnerabilities have reportedly been fixed in Yosemite 10.10.2, the next build of the OSX, currently in beta and due for release soon.

iMore.com, an Apple news site, reported on Friday that Apple had to change the code "to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again."

Continued : http://threatpost.com/thunderstrike-patch-slated-for-new-os-x-build/110649

Related : Apple preparing to release Thunderstrike patch

Spreading the Disease and Selling the Cure
Jan 26, 2015 7:45AM PST

When Karim Rattani isn't manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he's usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Rattani helps run two different "booter" or "stresser" services - grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe's Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

Continued : http://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/