Security Alerts & News
by Tymoteusz A. Góral

History
#740 Adobe warns of Flash zero-day, patches Acrobat
Adobe rolled out security updates for three of its products on Tuesday, including 95 fixes it pushed for Acrobat, Reader, and ColdFusion.

Users will have to wait until later this week, however, to patch a critical vulnerability that exists in Flash Player. It may only be a matter of time until the vulnerability is publicly exploited; Adobe claims that it isn’t aware of any active exploits for the issue but is aware of a report that an exploit for the vulnerability, CVE-2016-4117, exists in the wild.

The zero day, dug up by Genwei Jiang, a researcher at FireEye, exists in Flash 21.0.0.226 and earlier versions for Windows, Mac, Linux, and Chrome OS, Adobe warned Tuesday. If exploited, the vulnerability could cause a crash and let an attacker take control of the system. A fix for the issue was not ready in time to ship with this week’s Patch Tuesday patches but the company claims it is planning to address the issue later in the week, potentially as early as Thursday.

As far as today’s patches go, 92 of the 95 issues that were fixed, address vulnerabilities in either Acrobat and Reader, the bulk of which were use-after-free vulnerabilities or memory corruption vulnerabilities that could lead to code execution, Adobe warns.
Read more
#749 Attackers targeting critical SAP flaw since 2013
#748 Viking horde malware co-ops Android devices for ad fraud
#747 Microsoft zero-day exposes 100 companies to PoS attack
#746 Malware parasites feed on PerezHilton.com gossip fans
#745 Wendy’s: Credit cards breach affected 5% of restaurants
#744 Mozilla launches Test Pilot, a Firefox add-on for trying experimental new features
#743 Backdoor as a software suite: How TinyLoader distributes and upgrades PoS threats (PDF)
#742 Microsoft Patch Tuesday 2016-05-10
#741 Software security suffers as startups lose access to Google’s virus data
#740 Adobe warns of Flash zero-day, patches Acrobat
#739 Microsoft patches JScript, VBScript flaw under attack
#738 Internet Explorer zero-day exploit used in targeted attacks in South Korea
#737 Checking in with spear phishing, criminals check out with hotel credit card data
#736 IBM’s Watson supercomputer takes on security
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12