最新消息

【漏洞預警】駭客透過 Hacking Team Flash Zero-Day (CVE-2015-5119)漏洞進行攻擊

[內容說明:]

轉發 趨勢科技 漏洞/資安訊息警訊

趨勢科技近來發現一個嚴重的漏洞(CVE-2015-5119),這個漏洞影響所及遍布所有版本的Adobe Flash。Adobe Flash遭到入侵後可能會當掉,駭客也可能取得受害系統的控制權。Adobe已經發布了一則安全公告並建議用戶儘速套用安全性更新。

最近對台灣造成重大影響的勒贖軟體(Ransomware)也可能透過此漏洞進行攻擊,並針對重要檔案進行加密。

此外我們也觀察到已經有部分台灣網站遭受駭客入侵,利用此漏洞植入後門程式。

 

[影響平台:]

•Adobe Flash Player 18.00.194 and earlier versions for Windows and Macintosh

•Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh

•Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux

 

[建議措施:]

建議您儘速安裝原廠所釋出的安全性更新或修補程式。

 

[參考資料:]

•Hacking Team Flash Zero-Day Integrated Into Exploit Kits (Trend Micro Security Intelligence Blog):

http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/

•A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak (Trend Micro Security Intelligence Blog):

http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/

•Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak (Trend Micro Security Intelligence Blog):

http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

•Adobe Security Bulletin:

 https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

 

(此通報僅在於告知相關資訊,並非為資安事件),如果您對此通報的內容有疑問或有關於此事件的建議,歡迎與我們連絡。

教育機構資安通報應變小組
網址:https://info.cert.tanet.edu.tw/
專線電話:07-5250211
網路電話:98400000
E-Mail:Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它

Our website is protected by DMC Firewall!