2 x Adobe Zero Day Exploits

Two exploits given CVE references CVE-2013-0633 and CVE-2013-0634 have been reported by Adobe as being exploited in the wild targeting Windows and Mac users.

Users should update their flash if it does not do so automatically. The affected versions and platforms are as follows

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x

CVE 2013-0634 utilises Microsoft Office documents that when opened causes a malicious flash file to be executed. CVE 2013-0633 requires the malicious flash object to be hosted on a website.

Fire Eye has a good posting about how these exploits operate here utilising the LadyBoyle exploit code.

Interesting, it also appears that these exploits were used as part of a spear phishing campaign targeted at Boeing see more here.

There is also coverage at ‘Malware Must Die’ site here.

Kind Regards

Cyberkryption

 

Comments are closed.