Hackers advise people to uninstall Flash!
Here
Quote:
Let's all take a ride on Brian Krebs' cycle: [You're fired -Ed.]
For the second time in a week, Adobe Systems Inc. says it plans to fix a zero-day vulnerability in its Flash Player [this week]. Adobe said the flaw is present in the latest version of Flash for Windows, Mac and Linux.
…
There is every reason to believe this exploit will soon be folded into exploit kits, crimeware used to foist drive-by downloads. ... On Wednesday, Adobe patched a different vulnerability in Flash...but not before code designed to attack the flaw was folded into the Angler and Nuclear exploit kits. MORE
Chris Williams clarifies that it's actually two new vulns:
[The] programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. [They] let malicious Flash files execute code on victims' computers and install malware.
…
[All three] vulnerabilities were documented in stolen copies of files leaked online from spyware maker Hacking Team. ... Everyone with Flash installed should remove or disable the software...or at least enable "click to play". MORE
And Phil Muncaster credits where credit's due:
CVE-2015-5122 was discovered by FireEye threat researcher, Dhanesh Kizhakkinan, who [said] it’s a use-after-free flaw. [And] CVE-2015-5123...was discovered by Trend Micro threat analyst, Peter Pi, who [said] it’s a ValueOf bug.
…
The discovery has once again ignited debate around whether the trade in software vulnerabilities between so-called ‘reputable’ companies and governments is ethically any different from that which takes place on the cyber-criminal underground. MORE
So Cyrus Farivar uncovers the market in vulns:
If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team [and get] paid tens of thousands of dollars in just a matter of weeks.
…
The Moscow vendor’s first e-mail, dated October 13, 2013, was short and to the point. ... Hacking Team staff discussed how to proceed and were excited when Guido Landi...discovered that Toropov had a reputation. ... On October 25, 2013, the two parties came to an agreement.
…
It’s clear after reviewing other e-mails in the Hacking team archive that the firm wasn’t just buying from Toropov but from numerous others as well. ... Eric Rabe, Hacking Team’s spokesman, did not immediately respond to [my] questions. MORE
Meanwhile, "Taylor Swift" shakes it off:
This is bad.
…
Just uninstall Flash. You really, really won't miss it and your browsing will be faster. [Or] just use Chrome, exploit kits don't seem able to pierce its security layer around Flash right now.
…
Freaking Steve Jobs was right about Flash.
…
You hear in the news about programs that hold people's files for ransom? A lot of those are delivered via exploit kits as they surfed the web. ... Updating your system is the #1 way to protect it. But days like today, that isn't always enough. ... Remember: Your computer has value. People will steal your passwords, lock files, or use you to route illegal traffic through YOUR connection.
…
Imagine how many Flash 0days the NSA have [scream emoji] MORE
|
They were able to penetrate the Chrome sandbox. Adobe says it will have a fix next week.
http://wccftech.com/adobe-fix-flash-hacking-team/
http://arstechnica.com/security/2015...l-chrome-user/
Facebook is now saying Adobe needs to announce an end-of-life date for Flash
Firefox blacklists Flash!