Two exploit kits have been discovered to be taking advantage of a vulnerability in Adobe Flash. The vulnerability was discovered shortly after the 400GB data dump appeared on the internet, and security experts initially warned that it might be used by hackers.
Malwarebytes has reported discovering two exploit kits attempting to deliver cryptolockers. Both Neutrino and Angler EK began deploying malware late yesterday, and have been observed to have successfully attacked systems no matter what web browser the user was on.
This is possibly the fastest recorded documented case of weaponisation of an exploit. Mainly thanks to the mostly complete documentation of the vulnerability by Hacking Team, who used the exploit to deploy their own spyware products.
Fortunately, Adobe has pushed out a patch the vulnerability and all users are urged to immediately update their Flash plugins. Delaying the update could potentially expose users to these known exploit kits, although there are probably many more floating out on the internet going unnoticed.
[Source: Engadget]
