The Angler exploit kit is one of the most popular crimeware kit and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flash zero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploit three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 184.108.40.2067) in several versions of Internet Explorer running on Windows 7 and Windows 8.
This new version of the Angler exploit kit includes also the code to exploit two known bugs, the researcher that he first discovered the exploit for the zero-day in Flash on Wednesday and that it is being used in the wild to install a the Bedep malware.
Kafeine has verified that IE 10 on Windows 8, IE 8 on Windows 7 and IE 6-9 on Windows XP all are being exploited, meanwhile Chrome safe such as a fully patched Windows 8.1. Kafeine hasn’t disclosed the MD5 of the new exploit, he is suggesting to disable Flash Player since the flaw will be fixed.
“Disabling Flash player for some days might be a good idea,” he said.
Adobe declared that it is aware of the new Angler exploit kit and is already investigating it.
(Security Affairs – Angler exploit kit, malware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.