| 1 |
This is cut/pasted from today's @RISK email from sans.org: |
| 2 |
|
| 3 |
|
| 4 |
Title: Adobe Releases Emergency to Patch Zero Day Under Active |
| 5 |
Exploitation in the Wild |
| 6 |
Description: Adobe released an out-of-band patch to address |
| 7 |
CVE-2015-3113, a Flash Player zero-day vulnerability that is actively |
| 8 |
being used by an APT group. The exploit has been ongoing since early |
| 9 |
this month via phishing emails and affects Windows, Mac, and Linux |
| 10 |
users. CVE-2015-3113 is a vulnerability in the way Flash parses Flash |
| 11 |
Video Files (FLV). The exploit bypasses memory-based protection such |
| 12 |
as ASLR and uses return-oriented programming (ROP) to bypass data |
| 13 |
execution prevention (DEP). |
| 14 |
Reference: |
| 15 |
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html |
| 16 |
|
| 17 |
I see that the gentoo devs have already added the latest version to my |
| 18 |
~amd64 machine (thanks, team) but what about all the people who are |
| 19 |
running stable gentoo? |
Archives