Last week, Zscaler ThreatLabZ has published analysis of a Flash zero-day vulnerability that has been getting attention in the news. Adobe has issued a security bulletin for the vulnerability, which had been infecting machines with a remote access trojan (RAT).
The vulnerability is fairly sophisticated, embedding encrypted shell code within an image that subsequently downloads the malware. Check out the research blog post for the full analysis.
As Zscaler security researcher Krishnan Subramanian notes:
"Browser plugins continue to be the Achilles heel of enterprise security. While enterprises struggle to ensure that browser plugins are up to date on all end user systems to prevent browser exploit kits from targeting known vulnerabilities, here we see yet another demonstration where even that is not enough. Attackers continue to identify and exploit 0day vulnerabilities in popular web browser plugins such as Adobe Flash, which unfortunately has a long history of dealing with such threats."