Faster than the speed of light: Analysis of a Flash Zero-Day

February 24, 2014 - 1 min read

Contents

Article
More blogs

Last week, Zscaler ThreatLabZ has published analysis of a Flash zero-day vulnerability that has been getting attention in the news. Adobe has issued a security bulletin for the vulnerability, which had been infecting machines with a remote access trojan (RAT).

The vulnerability is fairly sophisticated, embedding encrypted shell code within an image that subsequently downloads the malware. Check out the research blog post for the full analysis.

As Zscaler security researcher Krishnan Subramanian notes:

"Browser plugins continue to be the Achilles heel of enterprise security. While enterprises struggle to ensure that browser plugins are up to date on all end user systems to prevent browser exploit kits from targeting known vulnerabilities, here we see yet another demonstration where even that is not enough. Attackers continue to identify and exploit 0day vulnerabilities in popular web browser plugins such as Adobe Flash, which unfortunately has a long history of dealing with such threats."

Thank you for reading

Was this post useful?

Yes, very!

Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.