Malware, Patch/Configuration Management, Vulnerability Management

Adobe hurries update to fix Flash zero-day vulnerabilities

Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.

"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content," according to a security bulletin.

Users are encouraged to update to version 11.6.602.171 for Windows and Macintosh and 11.2.202.273 for Linux.

Updates can be installed here.

Related

Vulnerable devices subjected to ongoing attacks with updated Mirai botnet

BleepingComputer reports that intrusions involving a new Mirai-based botnet have been targeting Teltonika RUT9XX routers impacted by the CVE-2018-17532 flaw, TP-Link devices affected by CVE-2023-1389, and DigiEver DS-2105 Pro network video recorders with a yet-to-be patched remote code execution vulnerability as part of an attack campaign believed to have commenced in September.

Novel BellaCiao malware variant launched by Charming Kitten

Attacks with an updated C++ variant of the BellaCiao dropper malware dubbed "BellaCPP" have been deployed by Iranian state-backed threat operation Charming Kitten — also known as APT35, CharmingCypress, CALANQUE, Mind Sandstorm, TA453, Newscaster, and Yellow Garuda — to facilitate further payload delivery, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

AdwareBugBuffer OverflowDisassembly

You can skip this ad in 5 seconds