Cybersecurity Firms Warn of Multiple Zero-Day Vulnerabilities in Adobe Flash and Microsoft Windows
Cybersecurity firms have sounded the alarm on a series of vulnerabilities affecting popular software, including Adobe Flash and Microsoft 365. These issues have been exploited in the wild, putting the general public at risk.
The recent data breach at HackingTeam has led to the exposure of three zero-day vulnerabilities in Adobe Flash. ExploitKits have already integrated these unknown attacks, targeting unsuspecting users. Adobe has swiftly addressed two of these issues and is set to patch the remaining two today.
Meanwhile, Microsoft has issued a critical bulletin, MS15-078, to fix a font problem that allows remote code execution across all versions of Microsoft 365. This out-of-band release comes in response to the availability of exploit code in the wild, as reported by Google's Project Zero and discovered by security firms FireEye and TrendMicro. Additionally, a zero-day vulnerability in Microsoft Internet Explorer was uncovered by Kaspersky Lab.
TrendMicro has played a significant role in uncovering these vulnerabilities. They first reported the Java 0-day, which affects the latest version (v8u45) and is being used in targeted attacks. Oracle will address this issue, along with 24 others, in their upcoming Critical Patch Update for July 2015.
The cybersecurity landscape has seen a flurry of activity, with multiple zero-day vulnerabilities being exploited and patched simultaneously. Users are urged to update their software promptly to protect against these threats.
