The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! . “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”

BetaNews: 0patch creates a 0-day patch for Windows gdi32.dll vulnerability before Microsoft

If you like living dangerously, you might want to check out this third-party patch for a recently-disclosed Windows vulnerability. “A new project going by the name of 0patch has created a ‘0patch’ for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that’s available for now.”

Zero-Day Exploits Hit New Heights in 2015

Does it feel like there are more zero-day security announcements than ever? You’re not wrong. “The number of “zero-day” exploits—a term that was coined because affected software developers have zero days to release a patch that keeps users protected—reached an unprecedented 54, according to researchers at security firm Symantec. That number compared with 24 in 2014, 23 in 2013, and 14 in 2012.”

The Day Ends in Y, So It’s Time for An Emergency Flash Patch

Dum-de-dum, another emergency Flash patch, anyone? And it’s zero-day, too! “Adobe is working on an emergency patch for its Flash Player after attackers are reportedly exploiting a critical flaw. The vulnerability, CVE-2016-1019, affects Flash Player version 21.0.0.197 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday.” Have I asked you to turn off Flash lately?

Pwn2Own Hacking Contest Off to a Scary Start

The Pwn2Own annual hacking contest is off to a scary start. “On Wednesday, four teams and a researcher who competed on his own made six attempts to hack this year’s targets: Safari running on OS X, Chrome running on Windows, Microsoft Edge running on Windows and Flash Player on Windows. Four attempts were successful, one was only partially successful and one failed.”