Hazardous 0day vulnerabilities discovered in Adobe Flash Player and Oracle Java
Adobe Flash Player discovered the third critical 0day vulnerability in the last two weeks, which allows attackers to remotely execute code through a browser. An exploit was also present in the archive with leaked data from the Hacking Team . The vulnerability received a CVE-2015-5123 identifier and was later included in security notification APSA15-04 , which we mentioned earlier. ESET antivirus products detect an exploit for this vulnerability as SWF / Exploit.Agent.IR .
In turn, TrendMicro announced the discovery of a 0day RCE exploit for the well-known Oracle Java software, which has already been repeatedly hit by the intruders' lenses. The exploit was used in targeted attacks as part of the well-known cyber attack Pawn Storm. In this operation, the attackers used and malware for mobile platforms, including iOS. ESET anti-virus products detect this exploit's payload as Win32 / Agent.XIJ .
')
We strongly recommend that users disable Flash Player for their browser before the release of the fix by Adobe. Instructions for this process can be found here .
Instructions for disabling the Java plugin can be found here .
be secure.
In turn, TrendMicro announced the discovery of a 0day RCE exploit for the well-known Oracle Java software, which has already been repeatedly hit by the intruders' lenses. The exploit was used in targeted attacks as part of the well-known cyber attack Pawn Storm. In this operation, the attackers used and malware for mobile platforms, including iOS. ESET anti-virus products detect this exploit's payload as Win32 / Agent.XIJ .
')
We strongly recommend that users disable Flash Player for their browser before the release of the fix by Adobe. Instructions for this process can be found here .
Instructions for disabling the Java plugin can be found here .
be secure.
Source: https://habr.com/ru/post/262511/
All Articles