New zero-day vulnerabilities discovered in Flash Player

Featured

News & Threats:

Posted 523 days ago by AVG Blogs

What has been found?

Two new vulnerabilities in Adobe’s ubiquitous Flash Player have been discovered and allegedly can be used to an arbitrary code execution remotely. Essentially these vulnerabilities could allow someone to remotely seize control of a PC without the consent of the owner.

Who discovered these exploits?

The exploits were discovered by a Russian vulnerability research firm called Intevydis. They have created a popular application called Vulndisco designed to test the robustness of programs to exploits. The process, known as “penetration-testing”, is an excellent way of finding software vulnerabilities and security holes.

Interestingly, Intevydis has refused to give Adobe the details of the vulnerabilities. As of last year Evgeny Legerov, the founder and CEO of Intevydis, declared that they will no longer inform software vendors of vulnerabilities they discover.

How can I stay protected?

While Adobe is yet to comment on these latest Zero-day exploits, they are actively working to resolve vulnerabilities as soon as they are aware of them. Next week should see the release a patch to fix some previously discovered security holes in Adobe Reader.

To ensure that you are as well protected as possible, ensure that you have automatic updates enabled for any software you are running (including your OS). Most programs will have this automatically enabled as default.

As always, ensure that you have security software installed so that you have the best possible chance of thwarting a problem or intruder before any damage is caused.

Print Story

Email Story

http://www.facebook.com/people/NancyF-Drew/560053854 NancyF Drew

Yes, I’m wondering….sometimes when I first turn it on a flash-player update pops up on my screen…thank goodness you block them for me! Am I being attacks by such a pop-up before I go to the internet?
bostonrent

Threat name: Exploit JavaScript Obfuscation (type 156)

File name: tubeni.com/enterpoint.php?ppconly

My virus protection blocked this threat. I happened a pop up said their was a Adobe update and I clicked on it. Hopefully someone can fix this problem.
bostonrent

Also,

Process name: C:WindowsSystem32ping.exe

Process ID: 5648
http://www.facebook.com/people/Scott-Talbott/1679082249 Scott Talbott

I am having this problem. Also, redirecting off search engine results. Unstable computer. Processor running at about 80% busy constantly. Blue screens alot.
http://www.facebook.com/rgspray Rodney Gordon Spray

I was asked to update my FlashPlayer and adobe Reader on our Govt. Tax (SARS) website and when I ran a scan, AVG informed me of this threat and sent it to the virus vault
Threat name: Exploit JavaScript Obfuscation (type 156)

My computer is very slow and I suspect that a Trojan is there but AVG does not scan and clean Trojan Threats automatically. What can I do to search, scan and clean for these Trojan attacks?

Thanks
Rodney
http://www.facebook.com/brenda.hodgkin1 Brenda Hodgkin

Rodney Avg does pick up trojans I have had vairios Trojans removed well befor I have read the email in my inbox. You need to make sure that your Avg is working at full capacity. Try removing the software,and re-downloading it and then do all updates for the package THE RUN A FULL SCAN! Brenda

Avatars by Sterling Adventures