It appears there are more ‘bugging’ avenues on Adobe Systems Incorporated (NASDAQ:ADBE) latest Flash release, 16.0.0257, routine exploits by known malware by Angler Kit’s ‘Bedep.’ According to security researcher Kafeine, the first inkling of this intrusion was first found on Wednesday. Later, the researcher based in France, admitted to finding Angler Kit’s exploits picking on Adobe Systems Incorporated llatest release’s two known bugs and many unknown vulnerabilities, via Bedep.

What’s Bedep

Bedep is a malware that is used by Flash-attacker Angler Kit, which leaves no traces of infection on the exploited machine. Researchers have found that Angler does have a fondness for Flash exploits, for, within days of Flash issuing fixes, the kit has its exploits out for the patches!

Angler Kit’s exploits

Angler Kit exploits Flash vulnerabilities in the various browser versions such Windows 7 as well as Windows 8, besides Internet Explorer. Angler Kit is able to do so on earlier occasions by using a form of malware that does not ride on files to infect.

According to Kafeine Bedep is continuing to be used in the current forays as well, but does not expect Angler to deploy the latest exploit it has for Flash’s much talked about zero-day. Neither is the new exploit in use on the big name browser as well.

Thus far, Kafeine detected that on Windows version 8, Internet Explorer 10 was the vehicle, Internet Explorer 8 on Windows 7 as well Internet Explorer 6 to 9 versions on the Windows XP line-up as well.

However, the good news is that Chrome is not a target and the full patch of Windows 8.1 has ensured that Angler Kits exploits are ineffective.

As users wait for Kafeine to publish his MD5 for the newer exploit, he recommends disabling Flash player and waiting for Adobe Incorporated to fix the loop-hole.

1 COMMENT

  1. Great!!! (Sarc!) Guess what version was just done to my PC within the last week? Flash version 1600257 – the very same version mentioned in this report. But it didn’t come through IE, since I deactivated that once MS stopped supporting XP, no, it came through my “automatic updates” program. It’s enough to stop automatic updates altogether since you can’t trust these fkg Adobe programs as far as you can throw them.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

What is 9 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)