NEWS: Updated - ADOBE Exploit Targeting Adult
 

At this point, I think it's safe to call the security level of Adobe's Flash player "asinine". Sometimes, it feels like full-blown OSes, such as Windows, have far fewer bugs.

Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.

Care of the beautiful ones @ SLASHDOT.ORG

thanks for the news

Someone knows what is this top1000 website that is affected ?

It appears that this is a bit worse (much) than others over the years. If you read the article, it's pretty blowmind. Just a banner can inject code. Also, don't forget that YouTube finally made the conversion site-wide last week or so away from Flash altogether.

Flash is so pathetic, vulnerable and open, I'm amazed it's lasted this long. Any good coder will tell you that.

And, a "Top 1000" site just means that it's a matter of time before this exponentially replicates to the higher ups. But... Most here at GFY are without a doubt part of the less-than-1000 sites online around the world. I hope this leads more & more masters/mistresses AWAY from any & all Flash permanently from now on.

All of my new sites are being built with ani-gifs & JS. Any sponsor using page-peel, banner flash, and any other flash aspects should be highly suspect from now on. FLASH-IS-DEAD and should remain that way. And should not be allowed on any sites any longer - including this one.

yes thanks, i create flash games and for some reasons it is more convenient that html5
Also i play from time to time with flash binaries and i have no reason to think that...

yeah cool, flash is dead for a single exploit...

If you create flash games you have a lot of balls saying "flash is dead for a single exploit..."

Are you seriously saying that? Really? I'm blown away man.

Because that's like saying earthquakes have only happened once in California. You should hook up on the news for the last decade or so. You remember, back in the Macromedia days and beyond.

Get in touch with some good & experienced coders and tell them what you just posted here.

html5 is the default option for CHROME !

it's called irony

anyway i know that programmers can be good to promote hyped stuff: it helps them to make more money and get a rid of their competitors.
So, no, i don't care...

This is a global news story bro, and an important one at that.

But thanks for the bumps man. And grab a good AVP.

Good luck :thumbsup

let's see, anyway, do you really things that all these flashs games will be lost for good ?

I bet that even is adobe decides to stop flash for good, that the open source community is gonna create some free stuffs that will read flash...

Dude, I'm watching COPS, Season 23 Episode 12 with beer & Skyy waiting for the SEAHAWKS TO FUCKING WIN THE SUPER BOWL and I don't have time to raise you in common knowledge when it comes to flash. You've been here since 2006, and should know better. Just hook up with Ars Tech & Slashdot a bit more. And polish up the grammar.

I'm out. Some chick just got slammed with a taser.