A Look Behind The Skype Malvertising Campaign

PSA: Flash Zero-Day Now Active in The Wild

Update (07/08/15): Adobe has released a fix with version 18.0.0.203. Please update ASAP.

The Neutrino exploit kit is using a Flash zero-day which is still unpatched as we write this.

We first discovered the Flash zero-day hit at 3 PM PT and we believe it is the same as the one revealed in the Hacking Team hack, which we blogged about earlier today.

This is one of the fastest documented case of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by Hacking Team.

neutrino

The exploit also works in Firefox (latest version):

FF

Only a few minutes later, Angler EK began firing the new zero-day (this was also reported by other sources):

Angler-0day

Malwarebytes Anti-Exploit users were already protected against this attack.

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher