Attackers are exploiting a zero-day vulnerability in Flash Player
Attackers are using compromised websites to exploit a new and currently unpatched vulnerability in Flash Player, a malware researcher has reported.
The new exploit was observed in drive-by-download attacks launched with an exploit kit called Angler, according to an independent researcher who uses the online alias Kafeine.
Exploit kits are malicious Web applications that contain exploits for vulnerabilities in browsers and browser plug-ins such as Java, Flash Player, Adobe Reader and Silverlight. Attackers silently redirect users’ browsers to exploit kit installations by inserting rogue code in compromised websites and malicious advertisements.