Part 1 of this blog described and analyzed the CVE-2012-1535 vulnerability in Adobe Flash Player. Here, we describe the fixes and mitigations that can be employed for this and similar exploits. Fixes and mitigations To avoid being vulnerable, you need to update Adobe Flash Player to the latest release from here. Recent versions of Adobe Flash Player […]
This post is part one of two. On August 14th, Adobe released a fix and an advisory for a vulnerability (CVE-2012-1535) in Adobe Flash Player. On Windows systems, Adobe Flash Player 11.3.300.270 and earlier versions are vulnerable. The advisory notes that this vulnerability has been used for targeted attacks. We analyzed a sample with a […]
We observed a zero-day attack aimed at a Chinese high school webpage and leveraged the Microsoft XML Core Services vulnerability. This discovery came about just days after Microsoft released an advisory regarding the vulnerability. The perpetrators behind the attack compromised a high school entrance exam result page in Jiangsu, China, which is visited by about […]
Latest Comments