One week after patch, Flash vulnerability already exploited in large-scale attacks

If you haven’t updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

The vulnerability, which is being tracked as CVE-2014-0569 in the Common Vulnerabilities and Exposures (CVE) database, was fixed in Flash Player updates last week.

The bundling of an exploit for CVE-2014-0569 in an attack tool that’s sold on underground markets is unusual, especially since the vulnerability was privately reported to Adobe through Hewlett-Packard’s Zero Day Initiative (ZDI) program, meaning its details should not be public.

To read this article in full or to leave a comment, please click here

Read more: One week after patch, Flash vulnerability already exploited in large-scale attacks

Story added 21. October 2014, content source with full text you can find at link above.