Jump to content
Sign in to follow this  
RV_

Two High risk Flaws From Adobe Flash and Chrome Extensions

Recommended Posts

For Windows 10 users this update is available in Windows updates now.

Flash has an out of cycle update for a serious vulnerability:

Adobe releases out-of-band security update for newly discovered Flash zero-day

Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.

Excerpt:

"Adobe released patches today for a new zero-day vulnerability discovered in the company's popular Flash Player app. The zero-day has been spotted embedded inside malicious Microsoft Office documents.

These documents were discovered last month after they've been uploaded on VirusTotal, a web-based file scanning service, from a Ukrainian IP address.

According to reports from Gigamon (formerly ICEBRG) and Chinese cyber-security firm Qihoo 360 Core Security, the two companies which spotted the documents, the zero-day was embedded as a Flash Active X object inside a Word document designed to look like a seven-page employment application for a Russian state healthcare clinic.

If victims who received the documents allowed the Flash Active X object to execute, researchers said the malicious code would escalate its access from the Office app to the underlying OS. Here it would drop a JPG file, then unzip another RAR file attached at the end of this JPG file to drop an EXE file on the victim's PC, and then run this file (a basic barebones backdoor trojan). Researchers said this zero-day was capable of running on both 32-bit and 64-bit architectures."

More here in the original article: https://www.zdnet.com/article/adobe-releases-out-of-band-security-update-for-newly-discovered-flash-zero-day/?promo=404&tag=nl.e404.em&ttag=e404&s_cid=e404&ftag=CAD-04-10aag0g&cval=cnet-nl-zd&regId=MjA2NDA1NjI0MTM4ODQzODU4MTc4MDc0NzE1ODEwMzE%3D&bhid=20640562413884385817807471581031

 

And this:

Cyber-espionage group uses Chrome extension to infect victims

Suspected North Korean APT uses Google Chrome extension to infect victims in the academic sector.

https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/?promo=404&tag=nl.e404.em&ttag=e404&s_cid=e404&ftag=CAD-04-10aag0g&cval=cnet-nl-zd&regId=MjA2NDA1NjI0MTM4ODQzODU4MTc4MDc0NzE1ODEwMzE%3D&bhid=20640562413884385817807471581031

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

Rv Share

Dish For My RV.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.



×