Menu
A recently patched Flash Player exploit is being used in widespread attacks

A recently patched Flash Player exploit is being used in widespread attacks

An exploit for the previously zero-day CVE-2016-4117 vulnerability is now in the Magnitude exploit kit

It took hackers less than two weeks to integrate a recently patched Flash Player exploit into widely used Web-based attack tools that are being used to infect computers with malware.

The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents.

When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a security alert from Adobe Systems and a patch two days later.

As it usually happens with zero-day exploits, it was only a matter of time until more cybercriminals got their hands on the CVE-2016-4117 exploit code and started using it in widespread attacks.

On Saturday, a malware researcher known as Kafeine spotted the exploit in Magnitude, one of the most popular exploit kits used by cybercriminals.

Exploit kits are Web-based attack tools that bundle multiple exploits for vulnerabilities in browser plug-ins like Flash Player, Java, Silverlight and Adobe Reader. They are used to silently install malware on users' computers when they visit malicious or compromised websites.

Another way to direct users to exploit kits is through malicious ads posted on legitimate websites, a technique known as malvertising.

Unlike cyberespionage groups, exploit kit creators and operators don't mind if their exploits are for patched vulnerabilities, because they count on the fact that a large number of users don't frequently update their software.

However, the fact that it took them less than two weeks to find the exploit and add it to their tools, increases the number potential victims with a vulnerable Flash Player installations.

In order to stay protected users should make sure that they're running the latest version of Flash Player available for their browser and should also make sure that the other browser plug-ins are also up to date.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments