Adobe Flash Player 0-day and HackingTeam’s Remote Control System

Adobe Flash Player CVE-2013-0633 is a critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov. The exploits for CVE-2013-0633 have been observed while monitoring the so-called -legal- surveillance malware created by the Italian company HackingTeam. In this blog, we will describe some of the attacks and the usage of this 0-day to deploy malware from -HackingTeam- marketed as Remote Control System. Read Full Article

Adobe Incubates Flash Runtime for Firefox

The Adobe AIR and Adobe Flash Player Incubator program updated their Flash Platform runtime beta program to version 5, delivered as Flash Player version 11.2.300.130. It includes a “sandboxed” version of the 32-bit Flash Player they are calling “Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems”. It has been over a year since Adobe discussed the Internet Explorer ActiveX Protected Mode version on their ASSET blog, and the version running on Google Chrome was sandboxed too. Read Full Article

Adobe September 2011 Patch Release

In addition to today’s Microsoft updates, users of Adobe’s Reader and Acrobat software on both Windows and Apple systems need to update their software ASAP. Adobe released Bulletin APSB11-24, addressing at least thirteen memory corruption flaws, and several privilege escalation, logic flaw, and bypass issues. Read Full Article

Patch Tuesday June 2011

Patches are up! This month’s patch Tuesday is a sizable one by any standards. Microsoft is patching a total of 34 vulnerabilities in 16 bulletins. At least eight different product lines are updated. Adobe is coordinating release of Reader, Acrobat, Shockwave and Flash updates as well today. Read Full Article

Pegel now in banners

We’re still monitoring Pegel, and we’ve come across something which piqued our interest: redirects to malicious websites hosting exploits weren’t only coming from infected legitimate sites, but also from flash ads on legitimate sites. Read Full Article