1 |
This is cut/pasted from today's @RISK email from sans.org: |
2 |
|
3 |
|
4 |
Title: Adobe Releases Emergency to Patch Zero Day Under Active |
5 |
Exploitation in the Wild |
6 |
Description: Adobe released an out-of-band patch to address |
7 |
CVE-2015-3113, a Flash Player zero-day vulnerability that is actively |
8 |
being used by an APT group. The exploit has been ongoing since early |
9 |
this month via phishing emails and affects Windows, Mac, and Linux |
10 |
users. CVE-2015-3113 is a vulnerability in the way Flash parses Flash |
11 |
Video Files (FLV). The exploit bypasses memory-based protection such |
12 |
as ASLR and uses return-oriented programming (ROP) to bypass data |
13 |
execution prevention (DEP). |
14 |
Reference: |
15 |
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html |
16 |
|
17 |
I see that the gentoo devs have already added the latest version to my |
18 |
~amd64 machine (thanks, team) but what about all the people who are |
19 |
running stable gentoo? |