Security News > 2016 > May > Latest Flash 0day exploit delivered via booby-trapped Office file (Help Net Security)
Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details about the attacks and the exploit used. Genwei Jiang, the FireEye researcher who has been credited, along with several others, with the discovery of the flaw (CVE-2016-4117), says that the initial attacks were leveraged against targets running Windows and Microsoft Office. “Attackers had embedded the Flash … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/KPxY2_E4U00/
Related news
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Critical security hole in Apache Struts under exploit (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-11 | CVE-2016-4117 | Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. | 9.8 |