One week after patch, Flash vulnerability already exploited in large-scale attacks
If you haven’t updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.
The vulnerability, which is being tracked as CVE-2014-0569 in the Common Vulnerabilities and Exposures (CVE) database, was fixed in Flash Player updates last week.
The bundling of an exploit for CVE-2014-0569 in an attack tool that’s sold on underground markets is unusual, especially since the vulnerability was privately reported to Adobe through Hewlett-Packard’s Zero Day Initiative (ZDI) program, meaning its details should not be public.
To read this article in full or to leave a comment, please click here
Read more: One week after patch, Flash vulnerability already exploited in large-scale attacks