One week after patch, Flash vulnerability already exploited in large-scale attacks

‹ PrevPC World Icon PC WorldNext ›
Tue 10:50am by: PC World

If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

The vulnerability, which is being tracked as CVE-2014-0569 in the Common Vulnerabilities and Exposures (CVE) database, was fixed in Flash Player updates last week.

The bundling of an exploit for CVE-2014-0569 in an attack tool that's sold on underground markets is unusual, especially since the vulnerability was privately reported to Adobe through Hewlett-Packard's Zero Day Initiative (ZDI) program, meaning its details should not be public.

To read this article in full or to leave a comment, please click here



‹ Prev   Next Article ›